Google Project Zero

ID: 3fef7083-300f-5beb-88de-4326f14e512d

STIX ID: identity--3fef7083-300f-5beb-88de-4326f14e512d

Feed Type: atom

Earliest post: 2022-03-31

Latest post: 2025-12-12

Technical write-ups and vulnerability research from Google’s offensive security team focused on finding zero-day exploits in the wild.

Exclude posts that do not describe a security incident

Classification

Min Pub Date

01/01/2020

Max Pub Date

06/04/2026

Title	Date Published ↓	Describes Incident	Author	Visible
A look at an Android ITW DNG exploit	2025-12-12	True	Google Project Zero	True
Defeating KASLR by Doing Nothing at All	2025-11-03	True	Google Project Zero	True
Pointer leaks through pointer-keyed data structures	2025-09-26	True	Google Project Zero	True
From Chrome renderer code exec to kernel with MSG_OOB	2025-08-08	True	Google Project Zero	True
Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages	2025-05-09	True	Google Project Zero	True
Blasting Past Webp	2025-03-26	True	Google Project Zero	True
Windows Bug Class: Accessing Trapped COM Objects with IDispatch	2025-01-30	True	Google Project Zero	True
Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst	2024-11-21	True	Google Project Zero	True
From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code	2024-11-01	True	Google Project Zero	True
Effective Fuzzing: A Dav1d Case Study	2024-10-03	True	Unknown	True
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models	2024-06-20	True	Google Project Zero	True
Driving forward in Android drivers	2024-06-13	True	Google Project Zero	True
The Windows Registry Adventure #1: Introduction and research results	2024-04-18	True	Google Project Zero	True
Analyzing a Modern In-the-wild Android Exploit	2023-09-19	True	Google Project Zero	True
MTE As Implemented, Part 1: Implementation Testing	2023-08-02	True	Google Project Zero	True
MTE As Implemented, Part 3: The Kernel	2023-08-02	True	Google Project Zero	True
Release of a Technical Report into Intel Trust Domain Extensions	2023-04-24	True	Google Project Zero	True
Multiple Internet to Baseband Remote Code Execution Vulnerabilities in Exynos Modems	2023-03-16	True	Google Project Zero	True
Exploiting null-dereferences in the Linux kernel	2023-01-19	True	Google Project Zero	True
DER Entitlements: The (Brief) Return of the Psychic Paper	2023-01-12	True	Google Project Zero	True
Exploiting CVE-2022-42703 - Bringing back the stack attack	2022-12-08	True	Google Project Zero	True
Mind the Gap	2022-11-22	True	Google Project Zero	True
A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain	2022-11-04	True	Google Project Zero	True
Gregor Samsa: Exploiting Java's XML Signature Verification	2022-11-02	True	Google Project Zero	True
RC4 Is Still Considered Harmful	2022-10-27	True	Unknown	True
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)	2022-08-10	True	Google Project Zero	True
2022 0-day In-the-Wild Exploitation…so far	2022-06-30	True	Google Project Zero	True
The curious tale of a fake Carrier.app	2022-06-23	True	Google Project Zero	True
An Autopsy on a Zombie In-the-Wild 0-day	2022-06-14	True	Google Project Zero	True
Release of Technical Report into the AMD Security Processor	2022-05-10	True	Ryan	True
The More You Know, The More You Know You Don’t Know	2022-04-19	True	Ryan	True
CVE-2021-1782, an iOS in-the-wild vulnerability in vouchers	2022-04-14	True	Ryan	True
CVE-2021-30737, @xerub's 2021 iOS ASN.1 Vulnerability	2022-04-07	True	Ryan	True
FORCEDENTRY: Sandbox Escape	2022-03-31	True	Ryan	True