Announcing GUAC, a great pairing with SLSA (and SBOM)!Posted by Brandon Lum, Mihai Maruseac, Isaac Hepworth, Google Open Source Security Team Supply chain security is at...

Google Pixel 7 and Pixel 7 Pro: The next evolution in mobile securityDave Kleidermacher, Jesse Seed, Brandon Barbello, Sherif Hanna, Eugene Liderman, Android, Pixel, and Silicon...

Security of Passkeys in the Google Password ManagerPosted by Arnar Birgisson, Software Engineer We are excited to announce passkey support on Android and Chrome for developers...

Use-after-freedom: MiraclePtr Posted by Adrian Taylor, Bartek Nowierski and Kentaro Hara on behalf of the MiraclePtr team Memory safety bugs are the most numerous category of...

Fuzzing beyond memory corruption: Finding broader classes of vulnerabilities automaticallyPosted by Jonathan Metzman, Dongge Liu and Oliver Chang, Google Open Source Security Team Recently, OSS-Fuzz—our community...

Announcing Google’s Open Source Software Vulnerability Rewards ProgramPosted by Francis Perron, Open Source Security Technical Program Manager, and Krzysztof Kotowicz, Information Security Engineer  Today, we are...

Announcing the Open Sourcing of Paranoid's Library Posted by Pedro Barbosa, Security Engineer, and Daniel Bleichenbacher, Software Engineer Paranoid is a project to detect well-known weaknesses in...

Making Linux Kernel Exploit Cooking Harder Posted by Eduardo Vela, Exploit Critic Cover of the medieval cookbook. Title in large letters kernel Exploits. Adorned. Featuring a...

How Hash-Based Safe Browsing Works in Google ChromeBy Rohit Bhatia, Mollie Bates, Google Chrome Security There are various threats a user faces when browsing the web....

DNS-over-HTTP/3 in AndroidPosted by Matthew Maurer and Mike Yu, Android team To help keep Android users’ DNS queries private, Android supports encrypted DNS. In addition to...