Fact-checked by Grok 2 weeks ago
References
-
[1]
Announcing Project Zero - Google Online Security BlogJul 15, 2014 · Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted ...
-
[2]
About Project Zero- **Description**: Project Zero is a team of security researchers at Google formed in 2014, focusing on zero-day vulnerabilities in hardware and software systems used globally.
-
[3]
Vulnerability Disclosure Policy - Google Project ZeroProject Zero follows a 90+30 disclosure deadline policy, which means that a vendor has 90 days after Project Zero notifies them about a security vulnerability ...
-
[4]
Google Project Zero Changes Its Disclosure PolicyAug 8, 2025 · Google's Project Zero team will retain its existing 90+30 policy regarding vulnerability disclosures, in which it provides vendors with 90 days ...
-
[5]
Policy and Disclosure: 2025 Edition - Google Project ZeroJul 29, 2025 · The primary goal of this trial is to shrink the upstream patch gap by increasing transparency. By providing an early signal that a vulnerability ...
-
[6]
Project Zero disclosure policy change puts vendors on early noticeJul 30, 2025 · Google wants to shorten delays in the vulnerability lifecycle by sharing limited details about newly discovered defects within a week of ...
-
[7]
Project ZeroNews and updates from the Project Zero team at Google. Pages. (Move to ...) About Project Zero, 0day "In the Wild" · 0day Exploit Root Cause Analyses ...
-
[8]
Project Zero: Ten Years of 'Make 0-Day Hard' - YouTubeOct 9, 2024 · In 2014, Google announced Project Zero, a security research team with the mission to 'make 0-day hard'. A lot has happened since then!
-
[9]
Google “Project Zero” hopes to find zero-day vulnerabilities before ...Jul 15, 2014 · Evans is still building the Project Zero team. Some members are being recruited from within Google. For example, Tavis Ormandy, who has ...Missing: initial | Show results with:initial
-
[10]
Meet 'Project Zero,' Google's Secret Team of Bug-Hunting HackersJul 15, 2014 · A group of top Google security researchers who will be given the sole mission of finding and neutering the most insidious security flaws in the world's ...Missing: great | Show results with:great
-
[11]
Incident report on memory leak caused by Cloudflare parser bugFeb 23, 2017 · The bug was serious because the leaked memory could contain private information and because it had been cached by search engines.
-
[12]
Major Cloudflare bug leaked sensitive data from customers' websitesFeb 23, 2017 · The leak may have been active as early as Sept. 22, 2016, almost five months before a security researcher at Google's Project Zero discovered it ...
-
[13]
Meltdown and SpectreWho reported Meltdown? Meltdown was independently discovered and reported by three teams: Jann Horn (Google Project Zero),; Werner Haas, Thomas Prescher ( ...
-
[14]
Reading privileged memory with a side-channel - Google Project ZeroJan 3, 2018 · From reading GPZ, Spectre, Meltdown and Fogh, it appears that the side-execution attacks are possible on all modern CPUs, but have only been ...Missing: involvement | Show results with:involvement
-
[15]
Tuesday, April 19, 2022 - Google Project ZeroApr 19, 2022 · 2021 included the detection and disclosure of 58 in-the-wild 0-days, the most ever recorded since Project Zero began tracking in mid-2014.Missing: 2015-2023 | Show results with:2015-2023
-
[16]
Google Project Zero Detects a Record Number of Zero-Day Exploits ...Apr 20, 2022 · Google Project Zero called 2021 a record year for in-the-wild 0-days, as 58 security vulnerabilities were detected and disclosed during the course of the year.Missing: 2015-2023 | Show results with:2015-2023
-
[17]
Google Project Zero: 95.8% of all bug reports are fixed ... - ZDNETAug 2, 2019 · However, starting with February 13, 2015, Google added an additional 14-day grace period that could extend the deadline under certain conditions ...
-
[18]
A walk through Project Zero metricsFeb 10, 2022 · Project Zero reported 376 issues to vendors under our standard 90-day deadline. 351 (93.4%) of these bugs have been fixed, while 14 (3.7%) have been marked as ...
-
[19]
A survey of recent iOS kernel exploits - Google Project ZeroJun 11, 2020 · This post summarizes original iOS kernel exploits from local app context targeting iOS 10 through iOS 13, focusing on the high-level exploit flow.Missing: Windows | Show results with:Windows
-
[20]
Analyzing a Modern In-the-wild Android Exploit - Google Project ZeroSep 19, 2023 · In December 2022, Google's Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices.Missing: integration | Show results with:integration
-
[21]
Google shares details of a Windows Kernel Cryptography Driver ...Oct 30, 2020 · A post on the Project Zero page explains: "The Windows Kernel Cryptography Driver (cng.sys) exposes a \Device\CNG device to user-mode programs ...
-
[22]
From Naptime to Big Sleep: Using Large Language Models To ...Nov 1, 2024 · Friday, November 1, 2024 ... Since then, Naptime has evolved into Big Sleep, a collaboration between Google Project Zero and Google DeepMind.
-
[23]
November 2024 - Project ZeroNov 1, 2024 · Today, we're excited to share the first real-world vulnerability discovered by the Big Sleep agent: an exploitable stack buffer underflow in ...
-
[24]
Cloud CISO Perspectives: Our Big Sleep agent makes a big leapJul 17, 2025 · Our Big Sleep AI agent, first introduced in November 2024 by Google DeepMind and Project Zero, has taken a very significant step for defenders.
-
[25]
Google Project Zero Tackles Upstream Patch Gap With New PolicyJul 31, 2025 · Google Project Zero now publicly shares the discovery of a vulnerability and when its 90-day disclosure deadline expires.
-
[26]
Pointer leaks through pointer-keyed data structures - Project ZeroSep 26, 2025 · Friday, September 26, 2025. Pointer leaks through pointer-keyed data structures. Posted by Jann Horn, Google Project Zero. Introduction. Some ...
-
[27]
Working at Project ZeroFeb 20, 2019 · Natalie Silvanovich, Security Engineer, Project Zero: Project Zero members spend most of their time doing vulnerability research and exploit ...Missing: notable | Show results with:notable
-
[28]
How a simple Linux kernel memory corruption bug can lead to ...Oct 19, 2021 · Posted by Jann Horn, Project Zero. Introduction. This blog post describes a straightforward Linux kernel locking bug and how I exploited it ...
-
[29]
The Problems and Promise of WebAssembly - Google Project ZeroAug 16, 2018 · Posted by Natalie Silvanovich, Project Zero WebAssembly is a format that allows code written in assembly-like instructions to be run from ...
-
[30]
Down the Rabbit-Hole... - Google Project ZeroAug 13, 2019 · Posted by Tavis Ormandy, Security Research Over-Engineer. “Sometimes, hacking is just someone spending more time on something than anyone ...
-
[31]
The Unsinkable Maddie Stone, Google's Bug-Hunting BadassOct 25, 2020 · Stone is a prominent researcher on Google's Project Zero bug-hunting team, which finds critical software flaws and vulnerabilities—mostly in ...
-
[32]
New initiatives to reduce the risk of vulnerabilities and protect ...Apr 13, 2023 · It's why Project Zero, a vendor agnostic security research team that sits within Google and studies zero-day vulnerabilities in hardware and ...Missing: operational independence<|control11|><|separator|>
-
[33]
#BHUSA: Five Years of Google Project Zero Should Influence ...Aug 8, 2019 · “We are all bound by a mission and principles, and the key innovation is researchers have individual freedom to pursue their own independent ...Missing: culture operational
-
[34]
James Forshaw - NULLCONJames is a security researcher in Google's Project Zero. He has been ... Pwn2Own and Microsoft Mitigation Bypass bounty winner. He has spoken at a ...<|separator|>
-
[35]
Announcing Project ZeroJul 15, 2014 · Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted attacks.Missing: initial | Show results with:initial
-
[36]
Project Naptime: Evaluating Offensive Security Capabilities of Large ...Jun 20, 2024 · Though much of our work still relies on traditional methods like manual source code audits and reverse engineering, we're always looking for new ...
-
[37]
MMS Exploit Part 2: Effective Fuzzing of the Qmage CodecJul 23, 2020 · The next logical step was to thoroughly fuzz it – the code was definitely too extensive and complex to approach with a manual audit, especially ...Implementing A Qemu Fork... · Results · CrashesMissing: symbolic | Show results with:symbolic
-
[38]
Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach ...May 9, 2025 · I'll detail how I used a custom fuzzing harness, dynamic instrumentation, and plenty of debugging/static analysis to identify a high-risk type ...Missing: ClusterFuzz | Show results with:ClusterFuzz
-
[39]
Designing sockfuzzer, a network syscall fuzzer for XNU - Project ZeroApr 22, 2021 · In this project, I pursued a somewhat unusual approach to fuzz XNU networking in userland by converting it into a library, “booting” it in userspace and using ...Missing: disassembly | Show results with:disassembly
-
[40]
In-the-Wild Series: Windows Exploits - Google Project ZeroJan 12, 2021 · In this post we'll discuss the exploits for vulnerabilities in Windows that have been used by the attacker to escape the Chrome renderer sandbox.
-
[41]
A very deep dive into iOS Exploit chains found in the wild - Project ZeroAug 29, 2019 · Working with TAG, we discovered exploits for a total of fourteen vulnerabilities across the five exploit chains: seven for the iPhone's web ...Missing: Windows | Show results with:Windows
-
[42]
googleprojectzero/winafl: A fork of AFL for fuzzing Windows binariesThis project is a fork of AFL that uses different instrumentation approach which works on Windows even for black box binary fuzzing.
-
[43]
Attacking the Qualcomm Adreno GPU - Google Project ZeroSep 8, 2020 · This blog post focuses on an interesting attack surface that is accessible from the Android application sandbox: the graphics processing unit (GPU) hardware.
-
[44]
Google fixes Android kernel zero-day exploited in attacksFeb 3, 2025 · The February 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability that has been exploited in ...
-
[45]
[PDF] Project Zero - Black HatAug 7, 2019 · Ensures that the security impact of the bug is well understood. 2. Establishes an equivalence class of similarly exploitable vulnerabilities.
-
[46]
VU#584653 - CPU hardware vulnerable to side-channel attacksJan 4, 2018 · CPU hardware implementations are vulnerable to cache side-channel attacks. These vulnerabilities are referred to as Meltdown and Spectre.<|separator|>
-
[47]
Root Cause Analyses | 0-days In-the-Wild - GitHub PagesProject Zero began a program to systematically study 0-day exploits that are used in the wild. It's another way we're trying to make 0-day hard.Missing: annual reports 2014-2023
-
[48]
In-the-Wild Series: Android Exploits - Google Project ZeroJan 12, 2021 · This is part 4 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild.
-
[49]
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation AnalysisApr 29, 2025 · Google Threat Intelligence Group tracked 75 zero-day vulnerabilities exploited in the wild in 2024, noting a shift towards targeting enterprise technologies.Missing: size | Show results with:size
-
[50]
44% of the zero-days exploited in 2024 were in enterprise solutionsApr 29, 2025 · 33 vulnerabilities (44%) affected enterprise solutions, which is up from 37% in 2023, according to Google Threat Intelligence Group researchers.Missing: statistics | Show results with:statistics
-
[51]
Feedback and data-driven updates to Google's disclosure policyFeb 13, 2015 · Project Zero has adhered to a 90-day disclosure deadline. Now we are applying this approach for the rest of Google as well.Missing: rationale | Show results with:rationale
-
[52]
Google's Project Zero to make faster vulnerability announcementsAug 1, 2025 · Google's elite bug hunters in the Project Zero team will from now on publicly share if they have discovered vulnerabilities within a week ...
-
[53]
Vulnerability Disclosure FAQ - Google Project ZeroJul 31, 2019 · The primary argument against releasing proof-of-concept exploit code is that malicious parties can quickly repurpose our research into an attack ...
-
[54]
Reporting Transparency - Google Project ZeroAs part of our 2025 Policy Trial, Project Zero will use this page to publicly track our Reporting Transparency effort. The trial commenced on July 29, 2025 ...
-
[55]
Today's CPU vulnerability: what you need to knowJan 3, 2018 · Google's Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize ...
-
[56]
Spectre and Meltdown vulnerabilities that affect Intel, AMD - SecPodDec 28, 2018 · These are seven new transient execution attacks that discovered by the same team of Google Project Zero researchers, who discovered previous CPU ...
-
[57]
More Mac OS X and iPhone sandbox escapes and kernel bugsOct 1, 2014 · All-bar-one of these bugs were found via manual source code auditing where there was source and binary analysis where there wasn't. As always, ...Missing: 2015 | Show results with:2015
-
[58]
This shouldn't have happened: A vulnerability postmortemDec 1, 2021 · Posted by Tavis Ormandy, Project Zero. Introduction. This is an unusual blog post. I normally write posts to highlight some hidden attack ...
-
[59]
nss: memory corruption validating dsa/rsa-pss signatures - MonorailProgram received signal SIGSEGV, Segmentation fault. ... I haven't checked yet if macOS's fork of NSS also contains this flaw.
-
[60]
Examining Pointer Authentication on the iPhone XS - Project ZeroFeb 1, 2019 · In this post I examine Apple's implementation of Pointer Authentication on the A12 SoC used in the iPhone XS, with a focus on how Apple has improved over the ...
-
[61]
0-days In-the-Wild - GitHub PagesThis site aims to be a central repository for information about 0-days exploited in-the-wild! It's maintained by Google Project Zero.Missing: mission make great again
-
[62]
Root Cause Analyses for 0-day In-the-Wild Exploits - Project ZeroJul 29, 2020 · We've added a new column to the “0day In the Wild” tracking spreadsheet that will link to any RCAs that we publish. We will also continue to ...
-
[63]
A Year in Review of 0-days Exploited In-the-Wild in 2022Jul 27, 2023 · 41 in-the-wild 0-days were detected and disclosed in 2022, the second-most ever recorded since we began tracking in mid-2014, but down from the 69 detected in ...Missing: mission | Show results with:mission
-
[64]
Google: 41 zero-day vulnerabilities exploited in 2022 - TechTargetJul 27, 2023 · New browser mitigations contributed to a decrease in zero-day vulnerabilities affecting browsers. Google also observed that many attackers ...<|control11|><|separator|>
-
[65]
Spyware vendors use 0-days and n-days against popular platformsMar 29, 2023 · In this blog, we're sharing details about two distinct campaigns we've recently discovered which used various 0-day exploits against Android, iOS and Chrome.
-
[66]
Hackers Used Zero-Days to Infect Windows and Android DevicesJan 15, 2021 · The attackers obtained remote code execution by exploiting the Chrome zero-day and several recently patched Chrome vulnerabilities. All of the ...
-
[67]
CVE-2021-38000: Chrome Intents Logic Flaw | 0-days In-the-WildThe vulnerability is that the intent to an external app should only occur when driven by a user. (This includes when the user has selected "Always" on the ...
-
[68]
How Google Changed the Secretive Market for the Most Dangerous ...Sep 23, 2019 · A Project Zero researcher was also part of the group who found the infamous Spectre and Meltdown flaws in Intel chips. These numbers show ...
-
[69]
About the security content of iOS 12.1.3 - Apple SupportDescription: A memory corruption issue was addressed with improved lock state checking. CVE-2019-6205: Ian Beer of Google Project Zero. Kernel. Available for: ...
-
[70]
About the security content of iOS 14.3 and iPadOS 14.3Description: An information disclosure issue was addressed with improved state management. CVE-2020-27946: Mateusz Jurczyk of Google Project Zero. FontParser.
-
[71]
A Look at iMessage in iOS 14 - Google Project ZeroJan 28, 2021 · This blog post discussed three improvements in iOS 14 affecting iMessage security: the BlastDoor service, resliding of the shared cache, and ...
-
[72]
Microsoft criticizes Google for 'gotcha' approach to bug disclosureJan 12, 2015 · "On balance, Project Zero believes that disclosure deadlines are currently the optimal approach for user security," Google told Engadget.
-
[73]
Microsoft blasts Google for vulnerability disclosure policy - CSO OnlineGoogle's Project Zero, for the second time in less than a month, disclosed an unpatched privilege escalation flaw in Windows 8.1. The disclosure came 90-days ...
-
[74]
Microsoft chastises Google for disclosing Windows 8.1 security hole ...Jan 11, 2015 · Microsoft is publicly criticizing Google for releasing details about a security vulnerability in Windows 8.1 two days before the Redmond ...
-
[75]
Google updates disclosure policy after Windows, OS X zero-day ...Feb 13, 2015 · Google updates disclosure policy after Windows, OS X zero-day controversy. A little give has been added to Project Zero's 90-day action deadline ...Missing: criticism | Show results with:criticism<|separator|>
-
[76]
Google reveals trio of security vulnerabilities in OS X - WeLiveSecurityJan 26, 2015 · Google's Project Zero has released information on three as yet unpatched vulnerabilities in Apple's OS X operating system, reports Ars Technica ...
-
[77]
Google: Vendors took an average of 52 days to fix reported security ...Feb 11, 2022 · Between 2019 and 2021, Project Zero researchers reported 376 issues to vendors under their 90-day deadline. Of those 376 issues, more than ...<|separator|>
-
[78]
Google's unusual move to shut down an active counterterrorism ...Mar 26, 2021 · A decision to shut down exploits being used by "friendly" hackers has caused controversy inside the company's security teams.
- [79]
-
[80]
Policy and Disclosure: 2020 Edition - Google Project ZeroJan 7, 2020 · For example, around the time Project Zero started in 2014, some issues were taking upwards of six months to fix.
-
[81]
Google: Stop Burning Counterterrorism Operations - Michael CoppolaJun 24, 2024 · This piece refers to an incident involving Google TAG and Project Zero dating back to 2020 and 2021. At the time, these events stirred a ...
- [82]