Google CTF 2019 is here

Posted by Jan Keller, Security Technical Program Manager June has become the month where we’re inviting thousands of security aficionados to put their skills to the test… In 2018, 23,563 people submitted at least one flag on their hunt for the secret cake recipe in the Beginner’s Quest. While 330 teams competed for a place […]

Continue Reading

Disclosing vulnerabilities to protect users across platforms

Posted by Clement Lecigne, Threat Analysis Group On Wednesday, February 27th, we reported two 0-day vulnerabilities — previously publicly-unknown vulnerabilities — one affecting Google Chrome and another in Microsoft Windows that were being exploited together. To remediate the Chrome vulnerability (CVE-2019-5786), Google released an update for all Chrome platforms on March 1; this update was […]

Continue Reading

Open sourcing ClusterFuzz

Posted by Abhishek Arya, Oliver Chang, Max Moroz, Martin Barbella and Jonathan Metzman (ClusterFuzz team) [Cross-posted from the Google Open-Source Blog] Fuzzing is an automated method for detecting bugs in software that works by feeding unexpected inputs to a target program. It is effective at finding memory corruption bugs, which often have serious security implications. […]

Continue Reading

Combating Potentially Harmful Applications with Machine Learning at Google: Datasets and Models

Posted by Mo Yu, Damien Octeau, and Chuangang Ren, Android Security & Privacy Team [Cross-posted from the Android Developers Blog] In a previous blog post, we talked about using machine learning to combat Potentially Harmful Applications (PHAs). This blog post covers how Google uses machine learning techniques to detect and classify PHAs. We’ll discuss the […]

Continue Reading

Android Protected Confirmation: Taking transaction security to the next level

Posted by Janis Danisevskis, Information Security Engineer, Android Security [Cross-posted from the Android Developers Blog] In Android Pie, we introduced Android Protected Confirmation, the first major mobile OS API that leverages a hardware protected user interface (Trusted UI) to perform critical transactions completely outside the main mobile operating system. This Trusted UI protects the choices […]

Continue Reading