This project hosts security advisories and their accompanying proof-of-concepts related to research conducted at Google which impact non-Google owned code.
We believe that vulnerability disclosure is a two-way street. Vendors, as well as researchers, must act responsibly. This is why Google adheres to a 90-day disclosure deadline. We notify vendors of vulnerabilities immediately, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix.
You can read up on our full policy at: https://www.google.com/about/appsecurity/.
The disclosure of vulnerabilities are all in the form of security advisories, which can be browsed in the Security Advisories page.
Accompanying proof-of-concept code will be used to demonstrate the security vulnerabilities.
| Year | Title | Advisories | Links |
|---|---|---|---|
| 2023 | Oracle VM VirtualBox 7.0.10 r158379 Escape | CVE-2023-22098 | PoC |
| 2023 | Linux: eBPF Path Pruning gone wrong | CVE-2023-2163 | PoC |
| 2023 | XGETBV is non-deterministic on Intel CPUs | PoC | |
| 2023 | XSAVES Instruction May Fail to Save XMM Registers | PoC | |
| 2022 | RET2ASLR - Leaking ASLR from return instructions | PoC | |
| 2022 | Unexpected Speculation Control of RETs | PoC | |
| 2022 | Bleve Library: Traversal Vulnerabilities in Create / Delete IndexHandler | GHSA-gc7p-j7x8-h873 | PoC |
| 2022 | Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library | CVE-2022-30187 | PoC |
| 2022 | Apple: Heap-based Buffer Overflow in libresolv | GHSA-6cjw-q72j-mh57 | PoC |
| 2022 | Apache: Code execution in log4j2 | CVE-2021-45046 | PoC |
| 2021 | Surface Pro 3: BIOS False Health Attestation (TPM Carte Blanche) | CVE-2021-42299 | Write-up, PoC |
| 2021 | CVE-2021-22555: Turning \x00\x00 into 10000$ | CVE-2021-22555 | Write-up, PoC |
| 2021 | Linux: KVM VM_IO|VM_PFNMAP vma mishandling | CVE-2021-22543 | PoC |
| 2021 | BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution | CVE-2020-24490, CVE-2020-12351, CVE-2020-12352 | Write-up, PoC |
The advisories and patches posted here are free and open source.
See LICENSE for further details.
The easiest way to contribute to our security research projects is to correct the patches when you see mistakes.
Please read up our Contribution policy.