(Collaborative post by Mateusz “j00ru” Jurczyk and Gynvael Coldwind)
Several months ago, we started an internal Google Security Team effort to improve the general security posture of the Chrome embedded PDF reader, in an approach similar to the Flash fuzzing performed several months ago by Tavis Ormandy. During the course of a few weeks, we built a solid corpus of PDF documents that we feel gets significant coverage of the Chrome PDF Reader’s code base and used it to shake out more than 50 low-to-high severity bugs. All of the high and critical severity bugs we discovered have been fixed in the stable channel [1] [2] [3] as of this posting; see examples: ...
Pełen post dostępny po angielskiej stronie lustra: click.
Sections
- lang:
| 
- RSS: |
- About me
- Tools
- → YT YouTube (EN)
- → D Discord
- → M Mastodon
- → T Twitter
- → GH GitHub
Links / Blogs
- → dragonsector.pl
- → vexillium.org
- Security/Hacking:
- Reverse Eng./Low-Level:
- Programming/Code:
Posts
- xz/liblzma: Bash-stage Obfuscation Explained,
- Two of my bookmarklets: image extraction and simple TTS,
- Paged Out! #3 is out,
- My howto script,
- Talk: PCI Express to Hell,
- Live: On Leaving Google and What's Next,
- Thoughts on overlarge fields in formats and protocols,
- On self-healing code and the obvious issue,
- LLM + Clean Room: Will LLMs be the death of code copyrights?,
- Solving a VM-based CTF challenge without solving it properly,
- → see all posts on main page
Comments:
Ahahaha +1 :)
Dzieki, poprawione :)
Add a comment: