Vulnerabilities
Keeping Internet users safe is more than just making sure Google's products are secure. Google engineers also contribute to improving the security of non-Google software that our products and users rely on.
Provided below is a list of software vulnerabilities discovered or fixed by Googlers, along with presentations we've given at industry security conferences. You can also find publications about security, cryptography, and privacy work in Google's main research portal.
| Googler | Product | Date | Reference | Description | More info |
|---|---|---|---|---|---|
| Niels Heinen | Apache | 2013-02-18 | CVE-2012-3499 CVE-2012-4558 | Multiple XSS vulnerabilities | Apache advisory |
| Abhishek Arya | Firefox | 2013-01-08 | CVE-2013-0760, CVE-2013-0762, many | Memory corruption | Mozilla advisory |
| Abhishek Arya | Firefox | 2012-11-20 | CVE-2012-4214, CVE-2012-4215, many | Memory corruption | Mozilla advisory |
| Abhishek Arya | Firefox | 2012-10-09 | CVE-2012-3995, CVE-2012-4179, many | Memory corruption | Mozilla advisory |
| Niels Heinen | opencryptoki | 2012-09-27 | CVE-2012-4454, CVE-2012-4455 | Local privilege escalation | CVE |
| Thai Duong | Chrome, Firefox | 2012-09-21 | CVE-2012-4929 | TLS Compression Information Leak | CVE |
| Abhishek Arya | Firefox | 2012-08-28 | CVE-2012-1972, CVE-2012-1973, many | Memory corruption | Mozilla advisory |
| Cris Neckar | Microsoft IE | 2012-08-15 | CVE-2012-2523 | Memory corruption | MS bulletin |
| Billy Rios | Tridium Niagara | 2012-08-15 | CVE-2012-4027 | Privilege Escalation | US-CERT |
| Billy Rios | Tridium Niagara | 2012-08-15 | CVE-2012-4028 | Weak Cred Storage | US-CERT |
| Billy Rios | Tridium Niagara | 2012-08-15 | CVE-2012-3025 | Plaintext Credential Storage | US-CERT |
| Billy Rios | Tridium Niagara | 2012-08-15 | CVE-2012-3024 | Authentication Bypass | US-CERT |
| Mateusz Jurczyk, Gynvael Coldwind | Adobe Reader | 2012-08-14 | CVE-2012-4149, CVE-2012-4160 | Multiple memory corruption vulnerabilities | Adobe Bulletin |
| Mateusz Jurczyk | Microsoft Windows | 2012-08-14 | CVE-2012-2527 | Win32k Use After Free Vulnerability | MS bulletin |
| Mateusz Jurczyk, Gynvael Coldwind | Google Chrome | 2012-08-06 | CVE-2012-2851, CVE-2012-2855, CVE-2012-2856, CVE-2012-2862, CVE-2012-2863, many more. | Multiple memory corruption vulnerabilities | Chrome Blog |
| Abhishek Arya, Adam Barth, Cris Neckar, David Levin, Julien Chaffraix, Stephen Chenney, Thomas Sepez | Safari 6 (WebKit) | 2012-07-25 | many | Memory corruption | Apple Advisory |
| Abhishek Arya | Firefox | 2012-07-17 | CVE-2012-1951, CVE-2012-1954, CVE-2012-1953, CVE-2012-1952 | Memory corruption | Mozilla advisory |
| Mateusz Jurczyk | libexif | 2012-07-12 | CVE-2012-2812, CVE-2012-2813, CVE-2012-2814 | Memory corruption, information leak vulnerabilities | Bugtraq |
| Niels Heinen | Apache | 2012-06-13 | CVE-2012-2687 | XSS in mod_negotiate | Apache bug tracker |
| Mateusz Jurczyk | Microsoft Windows | 2012-06-12 | CVE-2012-1867 | Font Resource Refcount Integer Overflow Vulnerability | MS bulletin |
| Billy Rios | Windows | 2012-06-12 | CVE-2007-2219 | Remote Code Execution | MS bulletin |
| Abhishek Arya | Firefox | 2012-06-05 | CVE-2012-1947, CVE-2012-1940, CVE-2012-1941 | Memory corruption | Mozilla advisory |
| Kees Cook | nVidia graphics drivers | 2012-05-17 | CVE-2012-0951, CVE-2012-0952, CVE-2012-0953 | Privilege escalation via ioctl races | Bug tracker |
| Andrew Lyons & Drew Hintz | Microsoft Hotmail | 2012-05-01 | CVE-2012-2520 | Persistent XSS | |
| Tavis Ormandy | OpenSSL | 2012-04-19 | CVE-2012-2110 | ASN.1 parsing bug in OpenSSL | |
| Ken Mixter & Daniel Kurtz | Xorg | 2012-04-18 | CVE-2012-2118 | format string flaw when logging input device names | Blog |
| Billy Rios | Siemens WinCC | 2012-04-18 | CVE-2011-4508 | Authentication Bypass | US-CERT |
| Billy Rios | Siemens WinCC | 2012-04-18 | CVE-2011-4509 | Weak Credentials | US-CERT |
| Billy Rios | Siemens WinCC | 2012-04-18 | CVE-2011-4510 | XSS | US-CERT |
| Billy Rios | Siemens WinCC | 2012-04-18 | CVE-2011-4511 | XSS | US-CERT |
| Billy Rios | Siemens WinCC | 2012-04-18 | CVE-2011-4513 | Client side attacks via specially crafted files | US-CERT |
| Niels Heinen | Apache (debian) | 2012-04-15 | CVE-2012-0216 | Code execution on specific setups | Debian advisory |
| Mateusz Jurczyk, Gynvael Coldwind | FFmpeg, libav | 2012-04-14 | CVE-2011-3930 up to CVE-2011-3952; many more. | Multiple memory corruption vulnerabilities | Link |
| Billy Rios | Adobe Reader | 2012-04-10 | CVE-2011-4371 | Heap Overflow | Adobe Bulletin |
| Fermin Serna | Adobe Flash | 2012-04-05 | CVE-2012-0724, CVE-2012-0725 | Adobe Flash sandbox escapes | Adobe Bulletin |
| Billy Rios | Invensys Information Portal | 2012-04-02 | CVE-2012-0225 | XSS | US-CERT |
| Billy Rios | Invensys Information Portal | 2012-04-02 | CVE-2012-0226 | SQLi | US-CERT |
| Billy Rios | Invensys Information Portal | 2012-04-02 | CVE-2012-0228 | Priv Escalation | US-CERT |
| Mateusz Jurczyk | FreeType2 | 2012-03-08 | CVE-2012-1126 up to CVE-2012-1144 | Multiple memory corruption vulnerabilities | |
| Abhishek Arya, Adam Klein, Cris Neckar, Dave Levin, Lei Zhang, Jeremy Apthorp, Julien Chaffraix, Lei Zhang | Safari 5.1.4, iTunes 10.6 (WebKit) | 2012-03-07 | many | Memory corruption | Apple advisory |
| Kees Cook | glibc | 2012-03-05 | CVE-2012-0864 | FORTIFY_SOURCE bypass via format string nargs integer overflow. NOTE: fix vuln only, did not find. | Link |
| Mateusz Jurczyk | OpenType Sanitizer | 2012-03-02 | CVE-2011-3062 | Off-by-one in function pointer array management | Chrome bug tracker |
| Fermin Serna | Adobe Flash | 2012-02-23 | CVE-2012-0769 | Information leak | Link |
| Eduardo Vela | Adobe Flash | 2012-02-15 | CVE-2012-0755 | Flash Origin Spoofing | Adobe Bulletin |
| Billy Rios | Invensys HMI Reports | 2012-02-08 | CVE-2011-4038 | XSS | US-CERT |
| Billy Rios | Invensys HMI Reports | 2012-02-08 | CVE-2011-4039 | Memory Corruption | US-CERT |
| Ben Hawkes | Firefox | 2012-01-31 | CVE-2012-0443 | Memory corruption | Mozilla advisory |
| Meder Kydyraliev | Struts2/XWork | 2012-01-22 | CVE-2011-3923 | Remote code execution | Link |
| Ben Laurie | OpenSSL | 2012-01-04 | CVE-2011-4109 | Double free | |
| Mateusz Jurczyk | Microsoft Windows | 2011-12-13 | CVE-2011-2018 | Windows Kernel Exception Handler Vulnerability | MS bulletin |
| Michal Zalewski | Firefox / Chrome / Safari / Opera / Internet Explorer | 2011-12-06 | CVE-2011-4692 CVE-2011-4691 CVE-2011-4690 CVE-2011-4689 CVE-2011-4688 | Cache timing attack | Link |
| Billy Rios | Safari | 2011-11-17 | CVE-2010-0045 | Remote Code Execution | Apple advisory |
| Billy Rios | Safari | 2011-11-16 | CVE-2010-1778 | File Theft | Apple advisory |
| Eduardo Vela | Netflix | 2011-11-11 | | Script Inclusion and XSS | |
| Ben Hawkes | Adobe Flash | 2011-11-10 | CVE-2011-2456 | Memory corruption | Adobe Bulletin |
| Felix Groebert | Apple FileVault | 2011-10-14 | CVE-2011-3212 | Information leak | |
| Billy Rios | Safari, AppleTV | 2011-10-12 | CVE-2011-0216 | Heap Overflow LibXML | Apple advisory |
| Abhishek Arya, Adam Barth, Cris Neckar, Dimitri Glazkov, Dominic Cooney, Kent Tamura, Philip Rogers, Raman Tenneti, Sadrul Habib Chowdhury | Safari 5.1.1, iTunes 10.5 (WebKit) | 2011-10-11 | many | Memory corruption | Apple advisory |
| Ben Hawkes | Firefox | 2011-09-27 | CVE-2011-3003 | Memory corruption | Mozilla advisory |
| Ben Hawkes | nginx | 2011-09-11 | CVE-2011-4315 | Memory corruption | Link |
| Ben Hawkes | Squid | 2011-08-28 | CVE-2011-3205 | Memory corruption | Link |
| Eduardo Vela | | 2011-08-15 | | XSS and RPC spoofing | Blog |
| Tavis Ormandy | Adobe Flash | 2011-08-12 | CVE-2011-2424 (one CVE, dozens of bugs) | Memory corruption | Google Security Blog |
| Michal Zalewski | Internet Explorer | 2011-08-09 | MS11-057 | Defense in depth | MS bulletin |
| Robert Swiecki | Microsoft IE | 2011-06-14 | CVE-2011-1246 | Universal XSS | MS bulletin |
| Billy Rios | Adobe Reader | 2011-06-14 | CVE-2011-2101 | Remote Code Execution | Adobe Bulletin |
| Chris Evans | libxml | 2011-05-27 | | Integer problems / memory corruption | Blog |
| Niels Heinen | python | 2011-05-24 | CVE-2011-1521 | File disclosure in urllib redirect handling | Python Blog |
| Eduardo Vela | easyXDM | 2011-04-14 | | XSS and RPC spoofing | Link |
| Felix Groebert | Apple CoreGraphics and TypeServer | 2011-03-23 | CVE-2011-0175, CVE-2011-0176, CVE-2011-0202 | Code execution | |
| Chris Evans | Chrome, Firefox, Internet Explorer, Opera, Safari | 2011-03-09 | | Information leak | Blog |
| Abhishek Arya, Chris Evans, Emil A Eklund, Erik Wong, Michal Zalewski, Mihai Parparita, Yuzo Fujishima | Safari 5.0.4, iOS4.3, iTunes 10.2 (WebKit) | 2011-03-09 | many | Memory corruption | Apple advisory |
| Chris Evans | Foxit PDF Reader | 2011-03-05 | | Arbitrary file write | Blog |
| Felix Groebert | Ruby on Rails | 2011-02-08 | CVE-2011-0447 | XSRF | |
| Billy Rios | Adobe Reader | 2011-02-08 | CVE-2011-0587 | XSS | Adobe Bulletin |
| Billy Rios | Adobe Reader | 2011-02-08 | CVE-2011-0604 | XSS | Adobe Bulletin |
| Eduardo Vela | Oracle Java Applets | 2011-02-01 | CVE-2010-4466 | Java Universal XSS Vulnerability | Oracle advisory |
| Eduardo Vela | Marcaria.com | 2011-01-12 | | Authentication Bypass | |
| Michal Zalewski | Internet Explorer 6, 7, 8 | 2011-01-01 | MS11-018 CVE-2011-0346 | Use-after-free | Blog |
| Michal Zalewski | Internet Explorer | 2011-01-01 | CVE-2011-0347 | Graphics rendering problem | Blog |
| Abhishek Arya, Cris Neckar, Rohit Makasana | Safari 5.0.3, iOS4.2 (WebKit) | 2010-11-22 | many | Memory corruption | Apple advisory |
| Chris Evans | Internet Explorer | 2010-10-21 | | Cross-origin Information Disclosure | Blog |
| Eduardo Vela | Mozilla Firefox | 2010-10-19 | CVE-2010-3178 | Cross-site Information Disclosure | Mozilla advisory |
| Michal Zalewski | Safari 5 (WebKit) | 2010-10-07 | CVE-2010-1119 CVE-2010-3811 | Use-after-free | Blog |
| Michal Zalewski | Firefox 3.5, Safari 5 (WebKit) | 2010-10-05 | CVE-2010-1206 MFSA 2010-45 CVE-2010-3774 MFSA 2010-83 CVE-2010-2454 | URL bar spoofing vulnerabilities | Blog |
| Billy Rios | Adobe Reader | 2010-10-05 | CVE-2010-3625 | Remote Code Execution | Adobe Bulletin |
| Chris Evans | Internet Explorer | 2010-09-29 | | Universal XSS | Blog |
| Ben Hawkes | Linux kernel | 2010-09-14 | CVE-2010-3301 | Local privilege escalation | Link |
| Ben Hawkes | Linux kernel | 2010-09-07 | CVE-2010-3081 | Local privilege escalation | Link |
| Michal Zalewski | Firefox 3.6 | 2010-09-07 | MFSA 2010-49 CVE-2010-3169 MFSA 2010-64 CVE-2010-3175 | Memory corruption | Mozilla advisory |
| Ben Hawkes | Linux kernel | 2010-08-20 | CVE-2010-2959 | Local privilege escalation | Link |
| Meder Kydyraliev | JBoss Seam | 2010-07-28 | CVE-2010-1871 | Remote code execution | Blog |
| Meder Kydyraliev | Struts2/XWork | 2010-07-09 | CVE-2010-1870 | Remote code execution | Link |
| Robert Swiecki | FreeType2 | 2010-06-05 | CVE-2010-2497 CVE-2010-2498 CVE-2010-2499 CVE-2010-2500 CVE-2010-2519 CVE-2010-2520 CVE-2010-2527 | Memory corruption | Link |
| Eduardo Vela | Apple Safari | 2010-04-15 | CVE-2010-1394 | HTML Serialization Bug | Apple advisory |
| Michal Zalewski | Firefox 3.5, Safari 5 (WebKit) | 2010-04-15 | MFSA 2010-31 CVE-2010-1125 CVE-2010-1422 | Strokejacking | Blog |
| Billy Rios | Adobe Reader | 2010-04-13 | CVE-2010-0190 | Remote Code Execution | Adobe Bulletin |
| Billy Rios | Adobe Reader | 2010-04-13 | CVE-2010-0191 | Remote Code Execution | Adobe Bulletin |
| Michal Zalewski | Internet Explorer 6 | 2010-04-05 | MS10-035 CVE-2010-1259 | Uninitialized memory corruption vulnerability | MS bulletin |
| Eduardo Vela | Microsoft IE | 2010-02-10 | CVE-2010-3243 | CSS Serialization Problem | MS bulletin |
| Neel Mehta, Sumit Gwalani, Drew Hintz | Microsoft Windows | 2010-02-09 | CVE-2010-0239, CVE-2010-0240, CVE-2010-0241 | Remote code execution in tcpip.sys | MS bulletin |
| Michal Zalewski | Safari 5 (WebKit) | 2010-02-03 | CVE-2010-0544 | Universal XSS | Blog |
| Eduardo Vela | Microsoft IE | 2010-01-21 | CVE-2009-4074, CVE-2010-1489 | Universal XSS in IE 8 | MS bulletin |
| Tavis Ormandy | Windows kernel | 2010-01-21 | CVE-2010-0232 | Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack | Blog |
| Chris Evans | Chrome, Firefox, Internet Explorer, Opera, Safari | 2009-12-28 | | Cross-origin Information Disclosure | Blog |
| Billy Rios | Firefox | 2009-11-25 | CVE-2008-2933 | Protocol Handling Issue | Mozilla bug tracker |
| Tavis Ormandy, Julien Tinnes | VMware | 2009-10-30 | CVE-2009-2267 | Guest privilege escalation via VM86 | Blog |
| Michal Zalewski | Safari 4 (WebKit) | 2009-09-24 | CVE-2009-3384 | Code execution | |
| Julien Tinnes, Tavis Ormandy | NetBSD and other kernels. | 2009-09-16 | CVE-2009-2793 | Privilege escalation via precommit #GP. | Link |
| Drew Hintz | Microsoft Silverlight.net | 2009-09-01 | MSRC 9210 | SQL Injection | |
| Tavis Ormandy, Julien Tinnes | Linux Kernel | 2009-08-28 | CVE-2009-2698 | Privilege escalation | Blog |
| Tavis Ormandy, Julien Tinnes | Linux Kernel | 2009-08-13 | CVE-2009-2692 | Privilege escalation in all 2.4 and 2.6 Linux kernels. | Link |
| Peter Valchev | libexpat | 2009-08-06 | CVE-2009-3720 | Memory corruption/DoS, multiple | NVD |
| Chris Evans | Apple CoreGraphics | 2009-08-05 | | Memory corruption | Blog |
| Julien Tinnes, Tavis Ormandy | Pulseaudio | 2009-07-16 | CVE-2009-1894 | Privilege escalation | Blog |
| Tavis Ormandy, Julien Tinnes | Microsoft VirtualPC | 2009-07-15 | CVE-2009-1542 | Guest privilege escalation | MS bulletin |
| Chris Evans | mimetex | 2009-07-10 | | Memory corruption, information disclosure | Link |
| Chris Palmer | Android | 2009-07-06 | CVE-2009-2348 | Authorization bypass | |
| Julien Tinnes, Tavis Ormandy | Linux kernel | 2009-06-26 | CVE-2009-1895 | mmap_min_addr bypass | Blog |
| Chris Evans | Safari | 2009-06-09 | | Cross-origin Information Disclosure | Blog |
| Chris Evans | Safari | 2009-06-08 | | File theft | Blog |
| Michal Zalewski | Safari 4 (WebKit) | 2009-05-20 | CVE-2009-1684 | Universal XSS | |
| Chris Evans | Java | 2009-03-27 | | Memory corruption | Blog |
| Chris Evans | LittleCMS (lcms) | 2009-03-17 | | Memory corruption | Blog |
| Chris Evans | Linux kernel | 2009-02-24 | | Bypass signal restrictions | Blog |
| Michal Zalewski | Internet Explorer | 2009-02-12 | MS09-014 CVE-2009-0551 | Memory corruption | MS bulletin |
| Chris Evans | Linux kernel | 2009-01-23 | | Syscall filter bypass | Blog |
| Chris Evans | Firefox | 2008-12-07 | | Cross-origin Information Disclosure | Blog |
| Billy Rios | Java | 2008-12-05 | CVE-2008-5343 | GIFAR | NVD |
| Chris Evans | Firefox | 2008-11-17 | | Cross-origin Information Disclosure | Blog |
| Michal Zalewski, Chris Evans | Firefox 2 | 2008-11-12 | MFSA 2008-48 CVE-2008-5012 | Cross-domain data disclosure | Mozilla advisory |
| Chris Evans | Python | 2008-10-20 | | Memory corruption | Blog |
| Ben Laurie | Various OpenID providers | 2008-08-08 | CVE-2008-3280 | Weak SSL keys in OpenID providers | |
| Chris Evans | libxslt | 2008-07-31 | | Memory corruption | Blog |
| Michal Zalewski | Mac OS X | 2008-05-18 | CVE-2008-2321 | Code execution | |
| Chris Evans | Java | 2008-03-05 | | Memory corruption | Blog |
| Chris Evans | Ghostscript | 2008-02-27 | | Memory corruption | Blog |
| Michal Zalewski | Firefox 2 | 2008-02-07 | MFSA 2008-02 CVE-2008-0414 | Strokejacking | Mozilla advisory |
| Michal Zalewski | Firefox 2 | 2008-02-07 | MFSA 2008-08 CVE-2008-0591 | Trusted UI problem | Mozilla advisory |
| Martin Straka | Firefox | 2008-02-01 | CVE-2008-0593 | Information leak | Mozilla advisory |
| Peter Valchev | libcairo | 2007-11-16 | CVE-2007-5503 | Memory corruption | NVD |
| Chris Evans | pcre | 2007-11-07 | | Memory corruption | Link |
| Michal Zalewski | Mac OS X | 2007-11-06 | CVE-2007-5854 | XSS | |
| Billy Rios | Windows | 2007-10-11 | CVE-2007-3896 | Remote Code Execution | NVD |
| Billy Rios | Java | 2007-10-03 | CVE-2007-5232 | DNS Rebinding | NVD |
| Michal Zalewski | Safari 3 (WebKit) | 2007-07-12 | CVE-2007-3758 CVE-2007-3760 CVE-2007-3756 | Universal XSS | |
| Billy Rios | Firefox | 2007-07-10 | CVE-2007-3670 | Protocol Handling Issue | NVD |
| Martin Straka | Java 2 Platform, Standard Edition | 2007-06-01 | Security Sun Alert 201348 | XSS | Oracle advisory |
| Chris Evans | Java | 2007-05-15 | | Memory corruption | Link |
| Robert Swiecki | Linux kernel | 2007-03-27 | CVE-2007-1734 | Linux kernel memory disclosure | Security Focus |
| Chris Evans | OpenBSD kernel | 2006-10-07 | | Memory corruption | Link |
| Tavis Ormandy | gzip | 2006-08-28 | CVE-2006-4336, CVE-2006-4337, CVE-2006-4338 | Memory corruption | Link |
| Tavis Ormandy | libtiff | 2006-06-16 | CVE-2006-3460, CVE-2006-3461, CVE-2006-3462 | Memory corruption | Link |
| Chris Evans | libgif | 2005-11-06 | | Memory corruption | Link |
