Some extra 0-click fun! Seth Jenkins and I trying to figure out why our exploit isn’t working, when it has, in fact, already started taking and exfiltrating photos

Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices. projectzero.google/2026/01/pixe...

But wait, I haven’t read all the “Best Books of 2024” yet

Thank you, we love the design 😍

We launched a redesigned Project Zero website today at projectzero.google ! To mark the occasion, we released some older posts that never quite made it out of drafts. Enjoy!

An analysis of a recent 0-click exploit targeting Samsung devices: googleprojectzero.blogspot.com/2025/12/a-lo...

Crime show: “We know the victim died at night because we found beef in his stomach.” Me, shoving a left-over burger in my face at 7am: 🫢

Your phone’s more likely to hit the ASLR state you need if you put a lucky dragon on it

I love how my city sends me text message alerts when there’s the chance to see a sinkhole

New Blog Post: Seth Jenkins broke kASLR by doing … nothing 😩 googleprojectzero.blogspot.com/2025/11/defe...

Serious bugs often occur in third-party components integrated by other software. Ivan Fratric and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click. project-zero.issues.chromium.org/issues/42807...

Super cool potential ASLR leak involving dictionary hashes! googleprojectzero.blogspot.com/2025/09/poin...

fseek and you shall lfind

Zero-day developer and seller Exodus casually brags in a blog post about having found a WebKit zero-day and sold it for a year and a half. blog.exodusintel.com/2025/08/04/o... Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group were the ones that reported it to Apple.

Left blue, right red #defcon

How to use your Defcon badge

“You wouldn’t happen to have anything that could help me understand today’s ever-changing threat landscape? Perhaps involving a bit of AI?”

Peak BH slide

Do you ever feel like maybe you should sign something, but aren’t quite sure you can follow through?

We also posted our first Transparency Report googleprojectzero.blogspot.com/p/reporting-...

While most vendors ship timely patches for vulnerabilities reported by Project Zero, they don’t always reach users. Today, we’re announcing Reporting Transparency, a new policy to encourage downstream fixes googleprojectzero.blogspot.com/2025/07/repo...

maybe there's still some good left in this world after all

The new Tamagotchi Switch game has rap battles where the Tamas rap about how they respect and enjoy each others’ unique differences

Inventor of the GIF, hearing about Notre Dame burning: oh no the jarjoyles

I accidentally closed a browser yesterday with 72 VERY IMPORTANT TABS that have been following me around like Jacob Marley and somehow my history is not recoverable. Reader, I let them go, and have lived to tell the tale.

At least 3 miles of protesters along El Camino in Sunnyvale

I Googled “how to shorten a chain,” and got no good answers, so here’s the answer, here’s how you temporarily shorten it

www.ibiblio.org/harris/500mi... You might be one of the lucky people to learn today about an emailing bug that turned out to be caused by the speed of light.

If there’s one thing I’ve learned, it’s that tab completion is never “just broken today”

If $106,050.10 was the size of a quarter, it would fit in 424,200.4 fewer shipping containers than …

The world never says hello back

The final part of Mateusz’s Windows Registry series is live! Contains all the hive memory corruption exploitation you’ve been waiting for googleprojectzero.blogspot.com/2025/05/the-...

🚨 CALLING ALL VULNERABILITY RESEARCHERS 🚨 The Junkyard is officially open! This is our live, on-stage pwnathon dedicated to end-of-life systems. Submit your bugs! Prizes range from $100 to $5,000 for categories like: ☄️ Most Impactful System 👾 Best Meme Target 👏 Most Engaging Presentation

Movie you've watched more than 1000 times using gifs. ("Hard mode" no Star Wars, Star Trek, or LoTR)

Should be a Canada goose

Another must-watch talk from RE//verse 2025 is live! Zion Basque challenges decompilers to step up their game and introduces a roadmap for a practical solution to solve some of the trickiest compiler behavior's to analyze. Check it out here:

Comment 6: I don’t know, ask Past Natalie

I know, Word. "syncable" isn't a word. But the dictionary is powerless against Microsoft.

You wouldn’t download an orange tree

Not correct, yet a strange window into my soul

tl;dr WhatsApp fixed the vuln on the back end, so you don't need to do anything to your phone, up to and including enabling Lockdown mode. Paragon Solutions sucks and you should be mad at them for enabling spying on civil society. www.theguardian.com/technology/2...

New blog post on the abuse of the IDispatch COM interface to get unexpected objects loaded into a process. Demoed by using this to get arbitrary code execution in a PPL process. googleprojectzero.blogspot.com/2025/01/wind...

Killer lineup! Can’t wait to attend. If you are into reverse engineering, check out the new Re-Verse conference, launching in February! The team behind it is incredible. This is going to be the new Infiltrate.

We're pleased to announce Natalie Silvanovich @natashenka.bsky.social as the keynote speaker for the inaugural RE//verse. She might have started out hacking Tamagotchis, but she certainly didn't stop there!

Just unrestricted an issue that shows a fun new attack surface. Android RCS locally transcribes incoming media, making vulnerabilities audio codecs now fully-remote. This bug in an obscure Samsung S24 codec is 0-click project-zero.issues.chromium.org/issues/36869...

WARNING: This product contains programming languages known to the State of California to cause memory unsafety