December 11, 2024 at 10:19AM Google has released a Chrome update addressing three vulnerabilities, including two high-severity memory safety bugs in the V8 JavaScript engine, one of which led to a $55,000 bug bounty. The update also fixes a use-after-free defect. No exploitation of these vulnerabilities has been confirmed yet. ### Meeting Takeaways: 1. **Chrome … Read more
November 21, 2024 at 03:13AM Google’s AI-powered fuzzing tool, OSS-Fuzz, has uncovered 26 vulnerabilities, including a medium-severity flaw in OpenSSL (CVE-2024-9143), indicating significant advancements in automated vulnerability detection. The tool enhances code coverage and is part of Google’s transition to memory-safe languages like Rust, alongside new security checks in C++. **Meeting Takeaways – Nov 21, … Read more
November 20, 2024 at 12:09PM Google’s OSS-Fuzz project has identified 26 vulnerabilities, including a critical flaw in OpenSSL. Utilizing AI-driven fuzzing, the tool finds bugs unlikely to be detected by humans. OSS-Fuzz aims to automate the fuzzing workflow, enhancing code testing with large language models to improve security against potential threats. ### Meeting Takeaways: 1. … Read more
November 16, 2024 at 05:19AM Fil-C, created by Filip Pizlo from Epic Games, is a memory-safe version of C and C++ allowing developers to maintain compatibility without learning new languages like Rust. It focuses on memory safety through a permissively licensed open-source compiler, although it currently has performance limitations and works only on Linux/x86_64. ### … Read more
November 5, 2024 at 01:43AM Google’s AI model, Big Sleep, claims to be the first to identify a memory safety vulnerability—a stack buffer underflow—in SQLite before its release. Developed by Project Zero and DeepMind, Big Sleep aims to enhance bug detection beyond traditional fuzzing methods. This marks a significant advancement in AI-driven software security. ### … Read more
November 4, 2024 at 08:16AM Google revealed that its Big Sleep LLM agent discovered a previously unknown memory safety vulnerability in SQLite, which traditional fuzzing methods failed to identify. This highlights the advanced capabilities of AI in enhancing security measures. ### Meeting Takeaways: 1. **Big Sleep LLM Agent**: Google has demonstrated its Big Sleep large … Read more
November 4, 2024 at 06:21AM Google identified a zero-day vulnerability in SQLite using its AI framework, Big Sleep. This marks the first real-world vulnerability discovered by an AI agent. The flaw, a stack buffer underflow, has been addressed. Google emphasizes the potential of AI in finding vulnerabilities pre-release, but notes results are still experimental. ### … Read more
October 24, 2024 at 08:17AM Codasip donated its RISC-V software development kit to the CHERI Alliance to enhance chip memory safety for developers. The SDK includes essential tools like a C/C++ compiler, emulator, and build system, aiming to facilitate CHERI technology adoption in securing hardware memory against vulnerabilities like buffer overflows. ### Meeting Takeaways: 1. … Read more
September 26, 2024 at 05:19PM The number of memory-related vulnerabilities in Android has significantly decreased over the past five years, attributed to Google’s use of memory-safe languages like Rust. Memory safety issues now only account for 24% of all Android vulnerabilities, down from 76% in 2019. This shift has been credited to Google’s secure-by-design approach … Read more
September 26, 2024 at 09:19AM Google’s secure-by-design approach to code development has led to a significant reduction in memory safety vulnerabilities in Android and Chrome. The adoption of memory-safe programming languages like Rust has resulted in a decrease in memory safety bugs in Android, reducing the overall security risk to users. This proactive approach marks … Read more