Natalie Silvanovich
@natashenka.bsky.social
Google Project Zero
New Blog Post: Seth Jenkins broke kASLR by doing … nothing 😩
googleprojectzero.blogspot.com/2025/11/defe...
googleprojectzero.blogspot.com/2025/11/defe...
Defeating KASLR by Doing Nothing at All
Posted by Seth Jenkins, Project Zero Introduction I've recently been researching Pixel kernel exploitation and as part of this research I ...
googleprojectzero.blogspot.com
November 3, 2025 at 6:17 PM
New Blog Post: Seth Jenkins broke kASLR by doing … nothing 😩
googleprojectzero.blogspot.com/2025/11/defe...
googleprojectzero.blogspot.com/2025/11/defe...
Serious bugs often occur in third-party components integrated by other software. Ivan Fratric and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click.
project-zero.issues.chromium.org/issues/42807...
project-zero.issues.chromium.org/issues/42807...
Project Zero
project-zero.issues.chromium.org
October 16, 2025 at 7:50 PM
Serious bugs often occur in third-party components integrated by other software. Ivan Fratric and I found this vulnerability in the Dolby Unified Decoder. It affects Android, iOS and Windows among other platforms, sometimes 0-click.
project-zero.issues.chromium.org/issues/42807...
project-zero.issues.chromium.org/issues/42807...
Super cool potential ASLR leak involving dictionary hashes! googleprojectzero.blogspot.com/2025/09/poin...
Pointer leaks through pointer-keyed data structures
Posted by Jann Horn, Google Project Zero Introduction Some time in 2024, during a Project Zero team discussion, we were talking about how...
googleprojectzero.blogspot.com
September 26, 2025 at 5:07 PM
Super cool potential ASLR leak involving dictionary hashes! googleprojectzero.blogspot.com/2025/09/poin...
fseek and you shall lfind
September 15, 2025 at 7:30 PM
fseek and you shall lfind
Reposted by Natalie Silvanovich
Zero-day developer and seller Exodus casually brags in a blog post about having found a WebKit zero-day and sold it for a year and a half.
blog.exodusintel.com/2025/08/04/o...
Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group were the ones that reported it to Apple.
blog.exodusintel.com/2025/08/04/o...
Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group were the ones that reported it to Apple.
August 12, 2025 at 7:46 PM
Zero-day developer and seller Exodus casually brags in a blog post about having found a WebKit zero-day and sold it for a year and a half.
blog.exodusintel.com/2025/08/04/o...
Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group were the ones that reported it to Apple.
blog.exodusintel.com/2025/08/04/o...
Clément Lecigne and Benoît Sevens of Google's Threat Analysis Group were the ones that reported it to Apple.
How to use your Defcon badge
August 8, 2025 at 9:30 PM
How to use your Defcon badge
“You wouldn’t happen to have anything that could help me understand today’s ever-changing threat landscape? Perhaps involving a bit of AI?”
August 6, 2025 at 10:30 PM
“You wouldn’t happen to have anything that could help me understand today’s ever-changing threat landscape? Perhaps involving a bit of AI?”
Do you ever feel like maybe you should sign something, but aren’t quite sure you can follow through?
August 2, 2025 at 10:50 PM
Do you ever feel like maybe you should sign something, but aren’t quite sure you can follow through?
While most vendors ship timely patches for vulnerabilities reported by Project Zero, they don’t always reach users. Today, we’re announcing Reporting Transparency, a new policy to encourage downstream fixes
googleprojectzero.blogspot.com/2025/07/repo...
googleprojectzero.blogspot.com/2025/07/repo...
Policy and Disclosure: 2025 Edition
Posted by Tim Willis, Google Project Zero In 2021, we updated our vulnerability disclosure policy to the current "90+30" model. Our goals we...
googleprojectzero.blogspot.com
July 29, 2025 at 3:05 PM
While most vendors ship timely patches for vulnerabilities reported by Project Zero, they don’t always reach users. Today, we’re announcing Reporting Transparency, a new policy to encourage downstream fixes
googleprojectzero.blogspot.com/2025/07/repo...
googleprojectzero.blogspot.com/2025/07/repo...
Reposted by Natalie Silvanovich
maybe there's still some good left in this world after all
July 28, 2025 at 2:46 AM
maybe there's still some good left in this world after all
The new Tamagotchi Switch game has rap battles where the Tamas rap about how they respect and enjoy each others’ unique differences
July 12, 2025 at 2:09 AM
The new Tamagotchi Switch game has rap battles where the Tamas rap about how they respect and enjoy each others’ unique differences
Reposted by Natalie Silvanovich
Inventor of the GIF, hearing about Notre Dame burning: oh no the jarjoyles
June 28, 2025 at 2:02 PM
Inventor of the GIF, hearing about Notre Dame burning: oh no the jarjoyles
Reposted by Natalie Silvanovich
I accidentally closed a browser yesterday with 72 VERY IMPORTANT TABS that have been following me around like Jacob Marley and somehow my history is not recoverable. Reader, I let them go, and have lived to tell the tale.
June 20, 2025 at 4:34 PM
I accidentally closed a browser yesterday with 72 VERY IMPORTANT TABS that have been following me around like Jacob Marley and somehow my history is not recoverable. Reader, I let them go, and have lived to tell the tale.
At least 3 miles of protesters along El Camino in Sunnyvale
June 14, 2025 at 8:06 PM
At least 3 miles of protesters along El Camino in Sunnyvale
I Googled “how to shorten a chain,” and got no good answers, so here’s the answer, here’s how you temporarily shorten it
June 14, 2025 at 1:49 AM
I Googled “how to shorten a chain,” and got no good answers, so here’s the answer, here’s how you temporarily shorten it
Reposted by Natalie Silvanovich
www.ibiblio.org/harris/500mi...
You might be one of the lucky people to learn today about an emailing bug that turned out to be caused by the speed of light.
You might be one of the lucky people to learn today about an emailing bug that turned out to be caused by the speed of light.
The case of the 500-mile email
www.ibiblio.org
June 7, 2025 at 1:18 PM
www.ibiblio.org/harris/500mi...
You might be one of the lucky people to learn today about an emailing bug that turned out to be caused by the speed of light.
You might be one of the lucky people to learn today about an emailing bug that turned out to be caused by the speed of light.
If there’s one thing I’ve learned, it’s that tab completion is never “just broken today”
June 6, 2025 at 11:52 PM
If there’s one thing I’ve learned, it’s that tab completion is never “just broken today”
If $106,050.10 was the size of a quarter, it would fit in 424,200.4 fewer shipping containers than …
May 30, 2025 at 4:23 AM
If $106,050.10 was the size of a quarter, it would fit in 424,200.4 fewer shipping containers than …
The world never says hello back
May 28, 2025 at 6:51 PM
The world never says hello back
The final part of Mateusz’s Windows Registry series is live! Contains all the hive memory corruption exploitation you’ve been waiting for
googleprojectzero.blogspot.com/2025/05/the-...
googleprojectzero.blogspot.com/2025/05/the-...
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption
Posted by Mateusz Jurczyk, Google Project Zero In the previous blog post , we focused on the general security analysis of the registry a...
googleprojectzero.blogspot.com
May 28, 2025 at 6:24 PM
The final part of Mateusz’s Windows Registry series is live! Contains all the hive memory corruption exploitation you’ve been waiting for
googleprojectzero.blogspot.com/2025/05/the-...
googleprojectzero.blogspot.com/2025/05/the-...
Reposted by Natalie Silvanovich
🚨 CALLING ALL VULNERABILITY RESEARCHERS 🚨
The Junkyard is officially open!
This is our live, on-stage pwnathon dedicated to end-of-life systems. Submit your bugs!
Prizes range from $100 to $5,000 for categories like:
☄️ Most Impactful System
👾 Best Meme Target
👏 Most Engaging Presentation
The Junkyard is officially open!
This is our live, on-stage pwnathon dedicated to end-of-life systems. Submit your bugs!
Prizes range from $100 to $5,000 for categories like:
☄️ Most Impactful System
👾 Best Meme Target
👏 Most Engaging Presentation
May 28, 2025 at 2:14 PM
🚨 CALLING ALL VULNERABILITY RESEARCHERS 🚨
The Junkyard is officially open!
This is our live, on-stage pwnathon dedicated to end-of-life systems. Submit your bugs!
Prizes range from $100 to $5,000 for categories like:
☄️ Most Impactful System
👾 Best Meme Target
👏 Most Engaging Presentation
The Junkyard is officially open!
This is our live, on-stage pwnathon dedicated to end-of-life systems. Submit your bugs!
Prizes range from $100 to $5,000 for categories like:
☄️ Most Impactful System
👾 Best Meme Target
👏 Most Engaging Presentation