Security Research

This project hosts security advisories and their accompanying proofs of concept for research conducted at Google that impacts non-Google-owned code.

We believe that vulnerability disclosure is a two-way street. Vendors, as well as researchers, must act responsibly. This is why Google adheres to a 90-day disclosure deadline. We notify vendors of vulnerabilities immediately, with details shared in public with the defensive community after 90 days, or sooner if the vendor releases a fix.

You can read up on our full policy at: https://www.google.com/about/appsecurity/.

Advisories

Vulnerabilities are all disclosed in the form of security advisories, which can be browsed on the Security Advisories page.

Proof of Concepts

Accompanying proof-of-concept code will be used to demonstrate the security vulnerabilities.

| Year | Title | Advisories | Links |
| --- | --- | --- | --- |
| 2023 | Oracle VM VirtualBox 7.0.10 r158379 Escape | CVE-2023-22098 | PoC |
| 2023 | Linux: eBPF Path Pruning gone wrong | CVE-2023-2163 | PoC |
| 2023 | XGETBV is non-deterministic on Intel CPUs | | PoC |
| 2023 | XSAVES Instruction May Fail to Save XMM Registers | | PoC |
| 2022 | RET2ASLR - Leaking ASLR from return instructions | | PoC |
| 2022 | Unexpected Speculation Control of RETs | | PoC |
| 2022 | Bleve Library: Traversal Vulnerabilities in Create / Delete IndexHandler | GHSA-gc7p-j7x8-h873 | PoC |
| 2022 | Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library | CVE-2022-30187 | PoC |
| 2022 | Apple: Heap-based Buffer Overflow in libresolv | GHSA-6cjw-q72j-mh57 | PoC |
| 2022 | Apache: Code execution in log4j2 | CVE-2021-45046 | PoC |
| 2021 | Surface Pro 3: BIOS False Health Attestation (TPM Carte Blanche) | CVE-2021-42299 | Write-up, PoC |
| 2021 | CVE-2021-22555: Turning \x00\x00 into 10000$ | CVE-2021-22555 | Write-up, PoC |
| 2021 | Linux: KVM VM_IO\|VM_PFNMAP vma mishandling | CVE-2021-22543 | PoC |
| 2021 | BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution | CVE-2020-24490, CVE-2020-12351, CVE-2020-12352 | Write-up, PoC |

License & Patents

The advisories and patches posted here are free and open source.

See LICENSE for further details.

Contributing

The easiest way to contribute to our security research projects is to correct the patches when you see mistakes.

Please read our Contribution policy.