PROJECT ZERO Posts on XDA

Google’s Project Zero is changing its vulnerability disclosure timeline to give time for fixes to roll out

Google’s Project Zero team is announcing some big changes to how it discloses security vulnerabilities to the public. Since its launch, Project Zero has followed a strict 90-day disclosure deadline. What this means is when a vulnerability is found, Project Zero will wait 90 days before publicly documenting the technical details. This allows vendors to...

Google fixes two more zero-day Chrome flaws that were already being exploited

Google’s Project Zero white-hat hacker squad has patched two new zero-day bug fixes for vulnerabilities in the Chrome Browser, already being actively exploited in the wild — the third time in two weeks the team has had to patch a live vulnerability in the world’s most used web browser. Ben Hawkes, the head of Project Zero...

Google’s Project Zero security team will now wait 90 days to disclose any vulnerabilities they find

Project Zero is a security division employed by Google, which was founded in 2014. The team's primary mission is to discover zero-day vulnerabilities - that is, vulnerabilities that are unknown (or unaddressed by) the party which should be interested in its mitigation. "Heartbleed" is one such zero-day exploit, which was privately reported by two separate...

Google’s Project Zero Discovered how to Bypass Samsung’s Knox Hypervisor (Fixed in January Patch)

Google's Project Zero team has verified a number of exploits that enable Samsung's phones running the supposedly-secure Samsung Knox security suite to be attacked. The blog notes that all vulnerabilities have been passed to Samsung who has actually released fixes for them in a January software update. Background As part of the Samsung Knox security software suite introduced by...

New Rowhammer Exploits use Hardware Vulnerabilities to Root LG, Samsung, and Motorola Devices

Google is constantly at war with hackers seeking to maliciously exploit security vulnerabilities in their products. Back in the middle of 2014, Google assembled a team of security analysts called 'Project Zero' to report zero-day exploits to the company so they can be patched before any nefarious third-party can take advantage of the undisclosed security hole....