Project Zero Bugs

@ProjectZeroBugs

A bot that posts the latest blog posts and disclosures from Google's Project Zero

Joined February 2016

0Following

35KFollowers

Project Zero Bugs@ProjectZeroBugs · 13 h

Linux: hugetlb page table sharing races with VMA splitting, leading to page table UAF project-zero.issues.chromium.org/issues/4207157…

2.0K

Project Zero Bugs@ProjectZeroBugs · Jul 21

Android: dng_sdk DeltaPerRow out-of-bounds read project-zero.issues.chromium.org/issues/4124222…

3.0K

Project Zero Bugs@ProjectZeroBugs · Jul 17

libxml2: Integer overflow leading to heap-buffer-overflow in xmlRegEpxFromParse project-zero.issues.chromium.org/issues/4324508…

3.0K

Project Zero Bugs@ProjectZeroBugs · Jul 9

libxslt: heap-use-after-free in xmlFreeID caused by `atype` corruption project-zero.issues.chromium.org/issues/4105693…

3.0K

Project Zero Bugs@ProjectZeroBugs · Jul 9

libxslt: Type confusion in xmlNode.psvi between stylesheet and source nodes project-zero.issues.chromium.org/issues/4097619…

3.0K

Project Zero Bugs@ProjectZeroBugs · Jun 26

Double-fetch of root_size in fastrpc_pack_root_sharedpage leads to buffer overflow project-zero.issues.chromium.org/issues/3994630…

7.0K

Project Zero Bugs@ProjectZeroBugs · Jun 25

MacOS Sandbox Escape via Double Free in coreaudiod/CoreAudio Framework project-zero.issues.chromium.org/issues/4062711…

5.0K

Project Zero Bugs@ProjectZeroBugs · Jun 25

Linux >=6.13: io_uring: SQE/CQE UAF/OOB read in race between IORING_REGISTER_RESIZE_RINGS and io_uring_show_fdinfo project-zero.issues.chromium.org/issues/4175226…

4.0K

Project Zero Bugs@ProjectZeroBugs · Jun 12

Webkit: Cross-site CSS rule and redirect URL disclosure project-zero.issues.chromium.org/issues/4081721…

11.0K

Project Zero Bugs@ProjectZeroBugs · Jun 2

Samsung S24: Out of bounds memset in VC1 Decoder project-zero.issues.chromium.org/issues/3959754…

3.0K

Project Zero Bugs@ProjectZeroBugs · Jun 2

Samsung S24: Out of bounds write in VC1 Decoder (svc1d_rr_frm) project-zero.issues.chromium.org/issues/3962269…

5.0K

Project Zero Bugs@ProjectZeroBugs · Jun 2

Samsung S24: Out of bounds read in MP3 Decoder project-zero.issues.chromium.org/issues/3881150…

3.0K

Project Zero Bugs@ProjectZeroBugs · May 28

The Windows Registry Adventure #8: Practical exploitation of hive memory corruption googleprojectzero.blogspot.com/2025/05/the-wi…

5.0K

Project Zero Bugs@ProjectZeroBugs · May 23

The Windows Registry Adventure #7: Attack surface analysis googleprojectzero.blogspot.com/2025/05/the-wi…

6.0K

Project Zero Bugs@ProjectZeroBugs · May 22

cvp: session id leaks kernel pointers due to cryptographically-insecure hashing project-zero.issues.chromium.org/issues/3976959…

3.0K

Project Zero Bugs@ProjectZeroBugs · May 9

Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages googleprojectzero.blogspot.com/2025/05/breaki…

9.0K

Project Zero Bugs@ProjectZeroBugs · May 8

XNU VM_BEHAVIOR_ZERO_WIRED_PAGES behavior allows writing to read-only pages project-zero.issues.chromium.org/issues/3915186…

117

40.0K

Project Zero Bugs@ProjectZeroBugs · May 5

Firefox: JavaScript can run during XSLTProcessor transform, leading to use-after-free project-zero.issues.chromium.org/issues/3890794…

2.0K

Project Zero Bugs@ProjectZeroBugs · Apr 16

The Windows Registry Adventure #6: Kernel-mode objects googleprojectzero.blogspot.com/2025/04/the-wi…

4.0K

Project Zero Bugs@ProjectZeroBugs · Apr 4

Firefox: inconsistent comparator in xslt/txNodeSorter leads to out-of-bounds access project-zero.issues.chromium.org/issues/3928508…

20.0K