Category: Google Online Security Blog

This article has been indexed from Google Online Security Blog Posted by Caleb Brown, Open Source Security Team  Despite open source software’s essential role in all software built today, it’s far too easy for bad actors to circulate malicious packages…

Read more →

This article has been indexed from Google Online Security Blog Posted by Steve Kafka and Khawaja Shams, Android Security and Privacy Team Providing a safe experience to billions of users continues to be one of the highest priorities for Google…

Read more →

This article has been indexed from Google Online Security Blog Posted by Medha Jain, Program Manager, Devices & Services Security  At Google, we constantly invest in security research to raise the bar for our devices, keeping our users safe and…

Read more →

This article has been indexed from Google Online Security Blog Posted by Adrian Taylor, Chrome Security Team If you are a regular reader of our Chrome release blog, you may have noticed that phrases like ‘exploit for CVE-1234-567 exists in…

Read more →

This article has been indexed from Google Online Security Blog Posted by Adrian Taylor, Chrome Security Team If you are a regular reader of our Chrome release blog, you may have noticed that phrases like ‘exploit for CVE-1234-567 exists in…

Read more →

This article has been indexed from Google Online Security Blog Posted by Ard Biesheuvel, Google Open Source Security Team Linux kernel support for the 32-bit ARM architecture was contributed in the late 90s, when there was little corporate involvement in Linux…

Read more →

This article has been indexed from Google Online Security Blog Posted by Sarah Jacobus, Vulnerability Rewards Team  Last year was another record setter for our Vulnerability Reward Programs (VRPs). Throughout 2021, we partnered with the security researcher community to identify…

Read more →

This article has been indexed from Google Online Security Blog Posted by Laurent Simon and Azeem Shaikh, Google Open Source Security Team (GOSST)  Since our July announcement of Scorecards V2, the Scorecards project—an automated security tool to flag risky supply chain…

Read more →

This article has been indexed from Google Online Security Blog Like many other companies, we’re closely following the multiple CVEs regarding Apache Log4j 2. Our security teams are investigating any potential impact on Google products and services and are focused…

Read more →

This article has been indexed from Google Online Security Blog Posted by James Wetter and Nicky Ringland, Open Source Insights Team  More than 35,000 Java packages, amounting to over 8% of the Maven Central repository (the most significant Java package…

Read more →

This article has been indexed from Google Online Security Blog Posted by Jonathan Metzman, Google Open Source Security Team The discovery of the Log4Shell vulnerability has set the internet on fire. Similar to shellshock and heartbleed, Log4Shell is just the…

Read more →

This article has been indexed from Google Online Security Blog Posted by Jon Bottarini, Security Program Manager & Lena Katib, Strategic Partnerships Manager The external security researcher community plays an integral role in making the Google Play ecosystem safe and…

Read more →

This article has been indexed from Google Online Security Blog Posted by Fabricio Voznika and Mauricio Poppe, Google Cloud  Kubernetes Security is constantly evolving – keeping pace with enhanced functionality, usability and flexibility while also balancing the security needs of…

Read more →

This article has been indexed from Google Online Security Blog Posted by Jonathan Metzman, Google Open Source Security Team In recent years, continuous fuzzing has become an essential part of the software development lifecycle. By feeding unexpected or random data…

Read more →

This article has been indexed from Google Online Security Blog Posted by Kevin Yeo and Sarvar Patel, Private Computing Team  At Google, keeping you safe online is our top priority, so we continuously build the most advanced privacy-preserving technologies into…

Read more →

This article has been indexed from Google Online Security Blog Posted by Dave Kleidermacher, Jesse Seed, Brandon Barbello, Android, Pixel & Tensor security teams With Pixel 6 and Pixel 6 Pro, we’re launching our most secure Pixel phone yet, with…

Read more →

This article has been indexed from Google Online Security Blog Posted by Royal Hansen, Vice President, Security  According to an Opus and Ponemon Institute study, 59% of companies have experienced a data breach caused by one of their vendors or…

Read more →

This article has been indexed from Google Online Security Blog Posted by Sam Heft-Luthy, Product Manager, Privacy & Data Protection Office  What happens to our digital accounts when we stop using them? It’s a question we should all ask ourselves,…

Read more →

This article has been indexed from Google Online Security Blog Posted by Sam Heft-Luthy, Product Manager, Privacy & Data Protection Office  What happens to our digital accounts when we stop using them? It’s a question we should all ask ourselves,…

Read more →

This article has been indexed from Google Online Security Blog Posted by Meder Kydyraliev and Kim Lewandowski, Google Open Source Security Team Over the past year we have made a number of investments to strengthen the security of critical open…

Read more →

This article has been indexed from Google Online Security Blog Posted by Guoli Ma, Sebastian Lekies & Claudio Criscione, Google Vulnerability Management TeamOne year ago, we published the Tsunami security scanner with the goal of detecting high severity, actively exploited…

Read more →

This article has been indexed from Google Online Security Blog Posted by Guoli Ma, Sebastian Lekies & Claudio Criscione, Google Vulnerability Management TeamOne year ago, we published the Tsunami security scanner with the goal of detecting high severity, actively exploited…

Read more →

This article has been indexed from Google Online Security Blog Posted by Priya Wadhwa and Appu Goundan, Google Open Source Security Team A few months ago we announced that we started signing all distroless images with cosign, which allows users…

Read more →

This article has been indexed from Google Online Security Blog Adrian Taylor, Andrew Whalley, Dana Jansens and Nasko Oskov, Chrome security team Security is a cat-and-mouse game. As attackers innovate, browsers always have to mount new defenses to stay ahead,…

Read more →

This article has been indexed from Google Online Security Blog Posted by Kaylin Trychon, Google Open Source Security Team  We recently pledged to provide $100 million to support third-party foundations that manage open source security priorities and help fix vulnerabilities.…

Read more →

This article has been indexed from Google Online Security Blog Posted by Suzanne Frey, VP, Product, Android & Play Security and Privacy We introduced Android’s Private Compute Core in Android 12 Beta. Today, we’re excited to announce a new suite…

Read more →

This article has been indexed from Google Online Security Blog Posted by Eric Brewer and Dan Lorenc Yesterday, we were honored to participate in President Biden’s White House Cyber Security Summit where we shared recommendations to advance the administration’s cybersecurity…

Read more →

This article has been indexed from Google Online Security Blog Posted by Mike Maraya, Google Open Source Security Team  As an active member of the open source software (OSS) community, Google recognizes the growing threat of software supply chain attacks…

Read more →

This article has been indexed from Google Online Security Blog Posted by Christiaan Brand, Product Manager, Google Cloud Today we are excited to announce some changes to our lineup of Titan Security Keys on the Google Store which provide a…

Read more →

This article has been indexed from Google Online Security Blog Posted by Kees Cook, Software Engineer, Google Open Source Security Team To borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s,…

Read more →

This article has been indexed from Google Online Security Blog Posted by Kees Cook, Software Engineer, Google Open Source Security Team To borrow from an excellent analogy between the modern computer ecosystem and the US automotive industry of the 1960s,…

Read more →

This article has been indexed from Google Online Security Blog Posted by Jan Keller, Technical Program Manager, Google VRP  A little over 10 years ago, we launched our Vulnerability Rewards Program (VRP). Our goal was to establish a channel for…

Read more →

This article has been indexed from Google Online Security Blog Posted by Jan Keller, Technical Program Manager, Google VRP  A little over 10 years ago, we launched our Vulnerability Rewards Program (VRP). Our goal was to establish a channel for…

Read more →

This article has been indexed from Google Online Security Blog Posted by Sarah Morales, Community Outreach Manager, Security  It’s no secret that lack of diversity in corporate America is a well-documented problem and improvements have been slow. To help improve…

Read more →

This article has been indexed from Google Online Security Blog Posted by Charlie Reis​ and Alex Moshchuk, Chrome Security Team Chrome’s Site Isolation is an essential security defense that makes it harder for malicious web sites to steal data from…

Read more →

This article has been indexed from Google Online Security Blog Posted by Charlie Reis​ and Alex Moshchuk, Chrome Security Team Chrome’s Site Isolation is an essential security defense that makes it harder for malicious web sites to steal data from…

Read more →

This article has been indexed from Google Online Security Blog Posted by Sarah Morales, Community Outreach Manager, Security  It’s no secret that lack of diversity in corporate America is a well-documented problem and improvements have been slow. To help improve…

Read more →

This article has been indexed from Google Online Security Blog Posted by Ryan Hurst, Production Security Team The way we design and build software is continually evolving. Just as we now think of security as something we build into software…

Read more →

This article has been indexed from Google Online Security Blog Posted by Kim Lewandowski, Azeem Shaikh, Laurent Simon, Google Open Source Security Team Contributors to the Scorecards project, an automated security tool that produces a “risk score” for open source…

Read more →

This article has been indexed from Google Online Security Blog Posted by Kim Lewandowski, Azeem Shaikh, Laurent Simon, Google Open Source Security Team Contributors to the Scorecards project, an automated security tool that produces a “risk score” for open source…

Read more →

This article has been indexed from Google Online Security Blog Posted by Oliver Chang, Google Open Source Security team and Russ Cox, Go team  In recent months, Google has launched several efforts to strengthen open-source security on multiple fronts. One…

Read more →

This article has been indexed from Google Online Security Blog Posted by Dan Lorenc, Priya Wadhwa, Open Source Security TeamIf you’ve been paying attention to the news at all lately, you’ve probably noticed that software supply chain attacks are rapidly…

Read more →

This article has been indexed from Google Online Security Blog Posted by Joel Galenson and Matthew Maurer, Android Team One of the main challenges of evaluating Rust for use within the Android platform was ensuring we could provide sufficient interoperability…

Read more →

This article has been indexed from Google Online Security Blog Posted by Joel Galenson and Matthew Maurer, Android Team One of the main challenges of evaluating Rust for use within the Android platform was ensuring we could provide sufficient interoperability…

Read more →

This article has been indexed from Google Online Security Blog Posted by Dan Lorenc, Priya Wadhwa, Open Source Security TeamIf you’ve been paying attention to the news at all lately, you’ve probably noticed that software supply chain attacks are rapidly…

Read more →

This article has been indexed from Google Online Security Blog Posted by Anna Hupa,  Marc Henson, and Martin Straka, Google VRP Team  Our Abuse Bug Bounty program has proved tremendously successful in the past three years since its introduction –…

Read more →

This article has been indexed from Google Online Security Blog Posted by Badr Salmi, Google Safe Browsing & Varun Khaneja, Chrome Security In 2020 we launched Enhanced Safe Browsing, which you can turn on in your Chrome security settings, with…

Read more →

This article has been indexed from Google Online Security Blog Posted by Jon Markoff and Sean Smith, Android Security and Privacy Team Integrating security into your app development lifecycle can save a lot of time, money, and risk. That’s why…

Read more →

This article has been indexed from Google Online Security Blog Research Team: Salman Qazi, Yoongu Kim, Nicolas Boichat, Eric Shiu & Mattias Nissler Today, we are sharing details around our discovery of Half-Double, a new Rowhammer technique that capitalizes on the…

Read more →

This article has been indexed from Google Online Security Blog Posted by Ivan Lozano, Android Team The Android team has been working on introducing the Rust programming language into the Android Open Source Project (AOSP) since 2019 as a memory-safe…

Read more →

Posted by Ivan Lozano, Android Security & Privacy Team The Android team has been working on introducing the Rust programming language into the Android Open Source Project (AOSP) since 2019 as a memory-safe alternative for platform native code development. As…

Read more →

Posted by Priya Wadhwa, Google Open Source Security Team With over 16 million pulls per month, Google’s `distroless` base images are widely used and depended on by large projects like Kubernetes and Istio. These minimal images don’t include common tools…

Read more →

Alex Gough, Engineer, Chrome Platform Security Team Chrome 90 for Windows adopts Hardware-enforced Stack Protection, a mitigation technology to make the exploitation of security bugs more difficult for attackers. This is supported by Windows 20H1 (December Update) or later, running…

Read more →

Read the original article: How we fought bad apps and developers in 2020 Posted by Krish Vitaldevara, Director of Product Management Trust & Safety, Google Play

Read more →

Read the original article: A New Standard for Mobile App Security Posted by Brooke Davis and Eugene Liderman, Android Security and Privacy Team

Read more →

Read the original article: Rust in the Linux kernel Posted by Wedson Almeida Filho, Android Team In our previous post, we announced that Android now supports the Rust programming language for developing the OS itself. Related to this, we are…

Read more →

Read the original article: Rust in the Android platform Posted by Jeff Vander Stoep and Stephen Hines, Android Team Correctness of code in the Android platform is a top priority for the security, stability, and quality of each Android release.…

Read more →

Read the original article: Announcing the Android Ready SE Alliance Posted by Sudhi Herle and Jason Wong, Android Team When the Pixel 3 launched in 2018, it had a new tamper-resistant hardware enclave called Titan M. In addition to being…

Read more →

Read the original article: Announcing the winners of the 2020 GCP VRP Prize Posted by Harshvardhan Sharma, Information Security Engineer, Google  We first announced the GCP VRP Prize in 2019 to encourage security researchers to focus on the security of…

Read more →

Read the original article: Announcing the winners of the 2020 GCP VRP Prize Posted by Harshvardhan Sharma, Information Security Engineer, Google  We first announced the GCP VRP Prize in 2019 to encourage security researchers to focus on the security of…

Read more →

Read the original article: Google, HTTPS, and device compatibility Posted by Ryan Hurst, Product Management, Google Trust Services Encryption is a fundamental building block when you’re on a mission to organize the world’s information and make it universally accessible with…

Read more →

Read the original article: A Spectre proof-of-concept for a Spectre-proof web Posted by Stephen Röttger and Artur Janc, Information Security Engineers Three years ago, Spectre changed the way we think about security boundaries on the web. It quickly became clear…

Read more →

Read the original article: Continuing to Raise the Bar for Verifiable Security on Pixel Posted by Eugene Liderman, Android Security and Privacy Team Evaluating the security of mobile devices is difficult, and a trusted way to validate a company’s claims…

Read more →

Read the original article: #ShareTheMicInCyber: Brooke Pearson Posted by Parisa Tabriz, Head of Chrome Product, Engineering and UX  In an effort to showcase the breadth and depth of Black+ contributions to security and privacy fields, we’ve launched a profile series…

Read more →

Read the original article: Fuzzing Java in OSS-Fuzz Posted by Jonathan Metzman, Google Open Source Security Team OSS-Fuzz, Google’s open source fuzzing service, now supports fuzzing applications written in Java and other Java Virtual Machine (JVM) based languages (e.g. Kotlin,…

Read more →

Read the original article: Introducing sigstore: Easy Code Signing & Verification for Supply Chain Integrity Posted by Kim Lewandowski & Dan Lorenc, Google Open Source Security Team One of the fundamental security issues with open source is that it’s difficult to…

Read more →

Read the original article: #ShareTheMicInCyber: Rob Duhart Posted by Matt Levine, Director, Risk Management In an effort to showcase the breadth and depth of Black+ contributions to security and privacy fields, we’ve launched a series in support of #ShareTheMicInCyber that aims…

Read more →

Read the original article: #ShareTheMicInCyber: Rob Duhart Posted by Matt Levine, Director, Risk Management In an effort to showcase the breadth and depth of Black+ contributions to security and privacy fields, we’ve launched a series in support of #ShareTheMicInCyber that aims…

Read more →

Read the original article: Celebrating the influence and contributions of Black+ Security & Privacy Googlers Posted by Royal Hansen, Vice President, Security Black History Month may be coming to a close, but our work to build sustainable equity for Google’s…

Read more →

Read the original article: New Password Checkup Feature Coming to Android Posted by Arvind Kumar Sugumar, Software Engineer, Android Team With the proliferation of digital services in our lives, it’s more important than ever to make sure our online information…

Read more →

Read the original article: Mitigating Memory Safety Issues in Open Source Software Posted by Dan Lorenc, Infrastructure Security Team Memory-safety vulnerabilities have dominated the security field for years and often lead to issues that can be exploited to take over…

Read more →

Read the original article: Mitigating Memory Safety Issues in Open Source Software Posted by Dan Lorenc, Infrastructure Security Team Memory-safety vulnerabilities have dominated the security field for years and often lead to issues that can be exploited to take over…

Read more →

Read the original article: Launching OSV – Better vulnerability triage for open source Posted by Oliver Chang and Kim Lewandowski, Google Security Team We are excited to launch OSV (Open Source Vulnerabilities), our first step towards improving vulnerability triage for…

Read more →

Read the original article: Vulnerability Reward Program: 2020 Year in Review Posted by Anna Hupa, Senior Strategist, Vulnerability Rewards Team Despite the challenges of this unprecedented year, our vulnerability researchers have achieved more than ever before, partnering with our Vulnerability…

Read more →

Read the original article: Know, Prevent, Fix: A framework for shifting the discussion around vulnerabilities in open source Posted by Eric Brewer, Rob Pike, Abhishek Arya, Anne Bertucio and Kim Lewandowski  Executive Summary: The security of open source software has…

Read more →

Read the original article: Data Driven Security Hardening in Android Posted by Kevin Deus, Joel Galenson, Billy Lau and Ivan Lozano, Android Security & Privacy Team The Android platform team is committed to securing Android for every user across every…

Read more →

Read the original article: Data Driven Security Hardening in Android Posted by Kevin Deus, Joel Galenson, Billy Lau and Ivan Lozano, Android Security & Privacy Team The Android platform team is committed to securing Android for every user across every…

Read more →

Read the original article: New Year, new password protections in Chrome Posted by Ali Sarraf, Product Manager, Chrome Passwords help protect our online information, which is why it’s never been more important to keep them safe. But when we’re juggling…

Read more →

Read the original article: How the Atheris Python Fuzzer Works Posted by Ian Eldred Pudney, Google Information Security  On Friday, we announced that we’ve released the Atheris Python fuzzing engine as open source. In this post, we’ll briefly talk about…

Read more →

Read the original article: Announcing Bonus Rewards for V8 Exploits Posted by Martin Barbella, Chrome Vulnerability Rewards Panelist Starting today, the Chrome Vulnerability Rewards Program is offering a new bonus for reports which demonstrate exploitability in V8, Chrome’s JavaScript engine.…

Read more →

Read the original article: OpenTitan at One Year: the Open Source Journey to Secure Silicon Posted by Dominic Rizzo, OpenTitan Lead, Google  During the past year, OpenTitan has grown tremendously as an open source project and is on track to…

Read more →

Read the original article: Improving open source security during the Google summer internship program Posted by the Information Security Engineering team at Google  Every summer, Google’s Information Security Engineering (ISE) team hosts a number of interns who work on impactful…

Read more →

Read the original article: Fostering research on new web security threats Posted by Artur Janc and Jan Gora, Information Security Engineers  The web is an ecosystem built on openness and composability. It is an excellent platform for building capable applications,…

Read more →

Read the original article: Announcing our open source security key test suite Posted by Fabian Kaczmarczyck, Software Engineer, Jean-Michel Picod, Software Engineer and Elie Bursztein, Security and Anti-abuse Research Lead Security keys and your phone’s built-in security keys are reshaping…

Read more →

Read the original article: Privacy-preserving features in the Mobile Driving License Posted by David Zeuthen, Shawn Willden and René Mayrhofer, Android Security and Privacy team In the United States and other countries a Driver’s License is not only used to…

Read more →

Read the original article: Fuzzing internships for Open Source Software Posted by Abhishek Arya, Chrome Security team Open source software is the foundation of many modern software products. Over the years, developers increasingly have relied on reusable open source components…

Read more →

Read the original article: New Password Protections (and more!) in Chrome Posted by AbdelKarim Mardini, Senior Product Manager, Chrome Passwords are often the first line of defense for our digital lives. Today, we’re improving password security on both Android and…

Read more →

Read the original article: New Password Protections (and more!) in Chrome Posted by AbdelKarim Mardini, Senior Product Manager, Chrome Passwords are often the first line of defense for our digital lives. Today, we’re improving password security on both Android and…

Read more →

Read the original article: Lockscreen and Authentication Improvements in Android 11 Posted by Haining Chen, Vishwath Mohan, Kevin Chyn and Liz Louis, Android Security Team[Cross-posted from the Android Developers Blog] As phones become faster and smarter, they play increasingly important…

Read more →

Read the original article: Improved malware protection for users in the Advanced Protection Program Posted by Daniel Rubery, Software Engineer, Chrome, Ryan Rasti, Software Engineer, Safe Browsing, and Eric Mill, Product Manager, Chrome Security Google’s Advanced Protection Program helps secure…

Read more →

Read the original article: Announcing new reward amounts for abuse risk researchers Posted by Marc Henson, Lead and Program Manager, Trust & Safety; Anna Hupa, Senior Strategist, at Google It has been two years since we officially expanded the scope…

Read more →

Read the original article: Pixel 4a is the first device to go through ioXt at launch Posted by Eugene Liderman and Xevi Miro Bruix, Android Security and Privacy Team Trust is very important when it comes to the relationship between…

Read more →

Read the original article: Pixel 4a is the first device to go through ioXt at launch Posted by Eugene Liderman and Xevi Miro Bruix, Android Security and Privacy Team Trust is very important when it comes to the relationship between…

Read more →

Read the original article: Towards native security defenses for the web ecosystem Posted by Artur Janc and Lukas Weichselbaum, Information Security Engineers With the recent launch of Chrome 83, and the upcoming release of Mozilla Firefox 79, web developers are…

Read more →

Read the original article: System hardening in Android 11 Posted by Platform Hardening Team In Android 11 we continue to increase the security of the Android platform. We have moved to safer default settings, migrated to a hardened memory allocator,…

Read more →

Read the original article: System hardening in Android 11 Posted by Android Platform Hardening Team In Android 11 we continue to increase the security of the Android platform. We have moved to safer default settings, migrated to a hardened memory…

Read more →

Read the original article: 11 Weeks of Android: Privacy and Security Posted by Charmaine D’Silva, Product Lead, Android Privacy and Framework, Narayan Kamath, Engineering Lead, Android Privacy and Framework, Stephan Somogyi, Product Lead, Android Security and Sudhi Herle, Engineering Lead,…

Read more →

Read the original article: Making the Advanced Protection Program and Titan Security Keys easier to use on Apple iOS devices Posted by Christiaan Brand, Product Manager, Google Cloud  Starting today, we’re rolling out a change that enables native support for…

Read more →

Read the original article: Making the Advanced Protection Program and Titan Security Keys easier to use on Apple iOS devices Posted by Christiaan Brand, Product Manager, Google Cloud  Starting today, we’re rolling out a change that enables native support for…

Read more →

Read the original article: The Advanced Protection Program comes to Google Nest Posted by Shuvo Chatterjee, Product Manager, Advanced Protection Program The Advanced Protection Program is our strongest level of Google Account security for people at high risk of targeted…

Read more →