Category: Google Online Security Blog

5 new protections on Google Messages to help keep you safe

Posted by Jan Jedrzejowicz, Director of Product, Android and Business Communications; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Stephan Somogyi, Product Lead, User Protection; Branden Archer, Software Engineer Every day, over a billion people…

Safer with Google: Advancing Memory Safety

Posted by Alex Rebert, Security Foundations, and Chandler Carruth, Jen Engel, Andy Qin, Core Developers Error-prone interactions between software and memory1 are widely understood to create safety issues in software. It is estimated that about 70% of severe vulnerabilities2 in…

Using Chrome’s accessibility APIs to find security bugs

Posted by Adrian Taylor, Security Engineer, Chrome Chrome’s user interface (UI) code is complex, and sometimes has bugs. Are those bugs security bugs? Specifically, if a user’s clicks and actions result in memory corruption, is that something that an attacker…

Evaluating Mitigations & Vulnerabilities in Chrome

Posted by Alex Gough, Chrome Security Team The Chrome Security Team is constantly striving to make it safer to browse the web. We invest in mechanisms to make classes of security bugs impossible, mitigations that make it more difficult to…

Eliminating Memory Safety Vulnerabilities at the Source

Posted by Jeff Vander Stoep – Android team, and Alex Rebert – Security Foundations Memory safety vulnerabilities remain a pervasive threat to software security. At Google, we believe the path to eliminating this class of vulnerabilities at scale and building…

Eliminating Memory Safety Vulnerabilities at the Source

Posted by Jeff Vander Stoep – Android team, and Alex Rebert – Security Foundations Memory safety vulnerabilities remain a pervasive threat to software security. At Google, we believe the path to eliminating this class of vulnerabilities at scale and building…

A new path for Kyber on the web

Posted by David Adrian, David Benjamin, Bob Beck & Devon O’Brien, Chrome Team We previously posted about experimenting with a hybrid post-quantum key exchange, and enabling it for 100% of Chrome Desktop clients. The hybrid key exchange used both the…

Deploying Rust in Existing Firmware Codebases

< p style=”text-align: left;”>Posted by Ivan Lozano and Dominik Maier, Android Team Android’s use of safe-by-design principles drives our adoption of memory-safe languages like Rust, making exploitation of the OS increasingly difficult with every release. To provide a secure foundation,…

Staying Safe with Chrome Extensions

Posted by Benjamin Ackerman, Anunoy Ghosh and David Warren, Chrome Security Team Chrome extensions can boost your browsing, empowering you to do anything from customizing the look of sites to providing personalized advice when you’re planning a vacation. But as…

Time to challenge yourself in the 2024 Google CTF

Hlynur Gudmundsson, Software Engineer < div> It’s Google CTF time! Install your tools, commit your scripts, and clear your schedule. The competition kicks off on June 21 2024 6:00 PM UTC and runs through June 23 2024 6:00 PM UTC.…

I/O 2024: What’s new in Android security and privacy

Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy Our commitment to user safety is a top priority for Android. We’ve been consistently working to stay ahead of the world’s scammers, fraudsters and bad actors. And as their tactics…

Secure by Design: Google’s Perspective on Memory Safety

Alex Rebert, Software Engineer, Christoph Kern, Principal Engineer, Security Foundations Google’s Project Zero reports that memory safety vulnerabilities—security defects caused by subtle coding errors related to how a program accesses memory—have been “the standard for attacking software for the last…

Secure by Design: Google’s Perspective on Memory Safety

Alex Rebert, Software Engineer, Christoph Kern, Principal Engineer, Security Foundations < div> Google’s Project Zero reports that memory safety vulnerabilities—security defects caused by subtle coding errors related to how a program accesses memory—have been “the standard for attacking software for…

Improving Interoperability Between Rust and C++

Posted by Lars Bergstrom – Director, Android Platform Tools & Libraries and Chair of the Rust Foundation Board Back in 2021, we announced that Google was joining the Rust Foundation. At the time, Rust was already in wide use across…

UN Cybercrime Treaty Could Endanger Web Security

Royal Hansen, Vice President of Privacy, Safety and Security Engineering This week, the United Nations convened member states to continue its years-long negotiations on the UN Cybercrime Treaty, titled “Countering the Use of Information and Communications Technologies for Criminal Purposes.” 

Scaling security with AI: from detection to solution

Dongge Liu and Oliver Chang, Google Open Source Security Team, Jan Nowakowski and Jan Keller, Machine Learning for Security Team < div> The AI world moves fast, so we’ve been hard at work keeping security apace with recent advancements. One…

Hardening cellular basebands in Android

Posted by Ivan Lozano and Roger Piqueras Jover Android’s defense-in-depth strategy applies not only to the Android OS running on the Application Processor (AP) but also the firmware that runs on devices. We particularly prioritize hardening the cellular baseband given…

Evolving the App Defense Alliance

Posted by Nataliya Stanetsky, Android Security and Privacy Team The App Defense Alliance (ADA), an industry-leading collaboration launched by Google in 2019 dedicated to ensuring the safety of the app ecosystem, is taking a major step forward. We are proud…

MTE – The promising path forward for memory safety

Posted by Andy Qin, Irene Ang, Kostya Serebryany, Evgenii Stepanov Since 2018, Google has partnered with ARM and collaborated with many ecosystem partners (SoCs vendors, mobile phone OEMs, etc.) to develop Memory Tagging Extension (MTE) technology. We are now happy…

Qualified certificates with qualified risks

Posted by Chrome Security team Improving the interoperability of web services is an important and worthy goal. We believe that it should be easier for people to maintain and control their digital identities. And we appreciate that policymakers working on…

Increasing transparency in AI security

Mihai Maruseac, Sarah Meiklejohn, Mark Lodato, Google Open Source Security Team (GOSST) < div> New AI innovations and applications are reaching consumers and businesses on an almost-daily basis. Building AI securely is a paramount concern, and we believe that Google’s…

Scaling Rust Adoption Through Training

Posted by Martin Geisler, Android team Android 14 is the third major Android release with Rust support. We are already seeing a number of benefits: Productivity: Developers quickly feel productive writing Rust. They report important indicators of development velocity, such…

Capslock: What is your code really capable of?

Jess McClintock and John Dethridge, Google Open Source Security Team, and Damien Miller, Enterprise Infrastructure Protection Team When you import a third party library, do you review every line of code? Most software packages depend on external libraries, trusting that…