Natalie Silvanovich
@natashenka.bsky.social
Google Project Zero
Some of us don't snitch, alright?
www.calparks.org/press/califo...
Californians Urged to Observe and Report Monarch Butterfly Sightings
https://www.calparks.org/press/californians-urged-observe-and-report-monarch-butterfly-sightings
4 days ago
0
1
0
There's "shrinkwrap" on this Tamagotchi … sticker
26 days ago
0
0
0
And the Owl said, "If you want to find the maintainer, go to the north side of the pond when the moon is out. Turn yourself around three times, then look into the water to see them."
about 1 month ago
0
3
0
reposted by
Natalie Silvanovich
OffensiveCon
about 1 month ago
A 0-Click Exploit Chain For The Pixel 10 by
@natashenka.bsky.social
and Seth Jenkins
0
7
1
Seth Jenkins updated our 0-click exploit chain to work on a Pixel 10 with an eye-popping driver bug! We'll be presenting this work Saturday
@offensivecon.bsky.social
projectzero.google/2026/05/pixe...
A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
We recently published an exploit chain for the Google Pixel 9 that demonstrated it was possible t...
https://projectzero.google/2026/05/pixel-10-exploit.html
about 1 month ago
0
8
6
Big changes to Android and Chrome VRP:
- focus on high-impact, reproducible bugs with low/no reward for lower impact
- big prizes for full chains with some annual limits
- PoCs required
It's the end of an era, but the start of a new one.
bughunters.google.com/blog/evolvin...
Blog: Evolving the Android & Chrome VRPs for the AI Era
We are announcing changes to the Chrome & Android Vulnerability Reward Programs (VRP) which take effect immediately and are focused on adjusting our reward amounts and bonuses to reflect the types of ...
https://bughunters.google.com/blog/evolving-the-android-chrome-vrps-for-the-ai-era
about 2 months ago
0
6
4
There's a little piece of my heart that beats just for Spanify
groups.google.com/a/chromium.o...
Introducing Spanification
https://groups.google.com/a/chromium.org/g/chromium-dev/c/iEy69ygz-rs
2 months ago
0
2
0
Amazing work by Meta implementing fast and robust WebRTC updates! "We can't push updates because …" can often be solved with investment and innovative engineering
engineering.fb.com/2026/04/09/d...
Escaping the Fork: How Meta Modernized WebRTC Across 50+ Use Cases
At Meta, WebRTC powers real-time audio and video across various platforms. But forking a large open-source project like WebRTC within our monorepo presents unique challenges – over time, an interna…
https://engineering.fb.com/2026/04/09/developer-tools/escaping-the-fork-how-meta-modernized-webrtc-across-50-use-cases/
2 months ago
1
1
0
Just put a reminder in my calendar for November 1, 2026 to check whether we still have bugs
3 months ago
1
4
0
reposted by
Natalie Silvanovich
3 months ago
Mountain View Reverse Engineering (mtvre) meetup on Wed! 7:00 pm at Wagon Wheel BBQ. Talks: -
@tubetime.bsky.social
on "HP 16717 PCB Reverse Engineering" (40 min) -
@natashenka.bsky.social
on "0-click Android exploits" (25 min)
1
5
3
Ivan Fratric shares some tips and tricks for grammar fuzzing
projectzero.google/2026/03/muta...
On the Effectiveness of Mutational Grammar Fuzzing
Mutational grammar fuzzing is a fuzzing technique in which the fuzzer uses a predefined grammar t...
https://projectzero.google/2026/03/mutational-grammar-fuzzing.html
4 months ago
0
7
4
4 months ago
0
1
0
In the final part of his blog series,
@tiraniddo.dev
tells the story of how a bug was introduced into a Windows API. Code re-writes can improve security, but it's important not to forget the security properties the code needs to enforce in the process.
projectzero.google/2026/02/gphf...
A Deep Dive into the GetProcessHandleFromHwnd API - Project Zero
In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn't know existed until I found a publicly disclosed UAC bypass us...
https://projectzero.google/2026/02/gphfh-deep-dive.html
4 months ago
0
5
4
Part 2 of
@tiraniddo.dev
's Windows Administrator Protection journey is here!
projectzero.google/2026/02/wind...
Bypassing Administrator Protection by Abusing UI Access - Project Zero
In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn't exi...
https://projectzero.google/2026/02/windows-administrator-protection.html
4 months ago
1
5
5
The remarkable true story of how Flash was deprecated
medium.com/@aglaforge/w...
What Really Killed Flash Player: A Six-Year Campaign of Deliberate Platform Work
This is what it actually took. From the person who architected and drove Chrome's Flash deprecation from proposal to the final removal in…
https://medium.com/@aglaforge/what-really-killed-flash-player-a-six-year-campaign-of-deliberate-platform-work-279d491633f9
5 months ago
1
5
3
Our intrepid 20%-er Dillon Franke exploited a vulnerability in CoreAudio. See his process for gaining privilege escalation on a Mac:
projectzero.google/2026/01/soun...
Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529 - Project Zero
In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-...
https://projectzero.google/2026/01/sound-barrier-2.html
5 months ago
0
7
1
No security feature is perfect.
@tiraniddo.dev
reviewed Windows' new Administrator Protection and found several bypasses.
projectzero.google/2026/26/wind...
Bypassing Windows Administrator Protection - Project Zero
A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. The goal of this feature is to replace User Account Cont...
https://projectzero.google/2026/26/windows-administrator-protection.html
5 months ago
0
5
5
Some extra 0-click fun! Seth Jenkins and I trying to figure out why our exploit isn't working, when it has, in fact, already started taking and exfiltrating photos
5 months ago
0
8
0
Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices.
projectzero.google/2026/01/pixe...
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby - Project Zero
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One ef...
https://projectzero.google/2026/01/pixel-0-click-part-1.html
5 months ago
1
56
35
But wait, I haven't read all the "Best Books of 2024" yet
6 months ago
0
5
1
Thank you, we love the design
add a skeleton here at some point
6 months ago
0
4
0
We launched a redesigned Project Zero website today at
projectzero.google
! To mark the occasion, we released some older posts that never quite made it out of drafts. Enjoy!
Google Project Zero
Make zeroday hard
https://projectzero.google
6 months ago
0
18
5
An analysis of a recent 0-click exploit targeting Samsung devices:
googleprojectzero.blogspot.com/2025/12/a-lo...
A look at an Android ITW DNG exploit
Posted by Benoît Sevens, Google Threat Intelligence Group Introduction Between July 2024 and February 2025, 6 suspicious image files were ...
https://googleprojectzero.blogspot.com/2025/12/a-look-at-android-itw-dng-exploit.html
6 months ago
1
7
5
Crime show: "We know the victim died at night because we found beef in his stomach." Me, shoving a left-over burger in my face at 7am: 🫢
7 months ago
2
4
0
Your phone's more likely to hit the ASLR state you need if you put a lucky dragon on it
7 months ago
0
3
0
I love how my city sends me text message alerts when there's the chance to see a sinkhole
7 months ago
0
0
0
New Blog Post: Seth Jenkins broke kASLR by doing … nothing
googleprojectzero.blogspot.com/2025/11/defe...
Defeating KASLR by Doing Nothing at All
Posted by Seth Jenkins, Project Zero Introduction I've recently been researching Pixel kernel exploitation and as part of this research I ...
https://googleprojectzero.blogspot.com/2025/11/defeating-kaslr-by-doing-nothing-at-all.html
8 months ago
0
10
5
Serious bugs often occur in third-party components integrated by other software. Ivan Fratric and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click.
project-zero.issues.chromium.org/issues/42807...
Project Zero
https://project-zero.issues.chromium.org/issues/428075495
8 months ago
1
10
1
Super cool potential ASLR leak involving dictionary hashes!
googleprojectzero.blogspot.com/2025/09/poin...
Pointer leaks through pointer-keyed data structures
Posted by Jann Horn, Google Project Zero Introduction Some time in 2024, during a Project Zero team discussion, we were talking about how...
https://googleprojectzero.blogspot.com/2025/09/pointer-leaks-through-pointer-keyed.html
9 months ago
0
10
6
fseek and you shall lfind
9 months ago
0
1
0
reposted by
Natalie Silvanovich
Lorenzo Franceschi-Bicchierai
10 months ago
Zero-day developer and seller Exodus casually brags in a blog post about having found a WebKit zero-day and sold it for a year and a half.
blog.exodusintel.com/2025/08/04/o...
Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group were the ones that reported it to Apple.
1
21
10
Left blue, right red
#defcon
11 months ago
0
3
0
How to use your Defcon badge
11 months ago
1
4
1
"You wouldn't happen to have anything that could help me understand today's ever-changing threat landscape? Perhaps involving a bit of AI?"
11 months ago
0
3
1
Peak BH slide
11 months ago
0
1
0
Do you ever feel like maybe you should sign something, but aren't quite sure you can follow through?
11 months ago
0
4
0
We also posted our first Transparency Report
googleprojectzero.blogspot.com/p/reporting-...
Reporting Transparency
As part of our 2025 Policy Trial, Project Zero will use this page to publicly track our Reporting Transparency effort. The trial commenced ...
https://googleprojectzero.blogspot.com/p/reporting-transparency.html
11 months ago
0
3
1
While most vendors ship timely patches for vulnerabilities reported by Project Zero, they don't always reach users. Today, we're announcing Reporting Transparency, a new policy to encourage downstream fixes
googleprojectzero.blogspot.com/2025/07/repo...
Policy and Disclosure: 2025 Edition
Posted by Tim Willis, Google Project Zero In 2021, we updated our vulnerability disclosure policy to the current "90+30" model. Our goals we...
https://googleprojectzero.blogspot.com/2025/07/reporting-transparency.html
11 months ago
1
6
9
reposted by
Natalie Silvanovich
Microplastics Sommelier
11 months ago
maybe there's still some good left in this world after all
311
17256
4896
The new Tamagotchi Switch game has rap battles where the Tamas rap about how they respect and enjoy each others' unique differences
12 months ago
0
3
0
reposted by
Natalie Silvanovich
lukelukeluke
12 months ago
Inventor of the GIF, hearing about Notre Dame burning: oh no the jarjoyles
70
5276
1240
reposted by
Natalie Silvanovich
Dr. Jen Gunter
about 1 year ago
I accidentally closed a browser yesterday with 72 VERY IMPORTANT TABS that have been following me around like Jacob Marley and somehow my history is not recoverable. Reader, I let them go, and have lived to tell the tale.
30
429
14
At least 3 miles of protesters along El Camino in Sunnyvale
about 1 year ago
1
6
0
I Googled "how to shorten a chain," and got no good answers, so here's the answer, here's how you temporarily shorten it
about 1 year ago
0
1
0
reposted by
Natalie Silvanovich
Pookleblinky
about 1 year ago
www.ibiblio.org/harris/500mi...
You might be one of the lucky people to learn today about an emailing bug that turned out to be caused by the speed of light.
The case of the 500-mile email
https://www.ibiblio.org/harris/500milemail.html
2
43
16
If there's one thing I've learned, it's that tab completion is never "just broken today"
about 1 year ago
0
0
0
about 1 year ago
0
2
0
If $106,050.10 was the size of a quarter, it would fit in 424,200.4 fewer shipping containers than …
about 1 year ago
0
0
0
The world never says hello back
about 1 year ago
2
8
2
The final part of Mateusz's Windows Registry series is live! Contains all the hive memory corruption exploitation you've been waiting for
googleprojectzero.blogspot.com/2025/05/the-...
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption
Posted by Mateusz Jurczyk, Google Project Zero In the previous blog post, we focused on the general security analysis of the registry a...
https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-8-exploitation.html
about 1 year ago
0
6
4