A bot that posts the latest blog posts and disclosures from Google's Project Zero

Joined February 2016
apple-zlib: uninitialized memory leak during decompression in inflate project-zero.issues.chromium…

FreeType: Heap Buffer Over-read in tt_face_colr_blend_layer via Sub-byte Bitmaps project-zero.issues.chromium…

FreeType: Integer Overflow leading to Out-of-Bounds Read in TrueType IUP Instruction project-zero.issues.chromium…

FreeType: Heap Buffer Overflow via Signedness Mismatch in TrueType Variation Handling (tt_interpolate_deltas) project-zero.issues.chromium…

FreeType: Heap Buffer Overflow via Improper Limit Calculation in TrueType SHZ Instruction project-zero.issues.chromium…

Linux >=6.10: io_uring: kernel memory read via unchecked address in ITER_UBUF/ITER_IOVEC iov_iter combined with non-checking nocache/flushcache accessors project-zero.issues.chromium…

Adobe DNG SDK: inconsistency between kMaxColorPlanes and kMaxSamplesPerPixel leads to multiple memory corruption issues project-zero.issues.chromium…

Adobe DNG SDK: systemic out-of-bounds reads in rendering routines due to lack of NaN validation and missing index lower-bound checks project-zero.issues.chromium…

Adobe DNG SDK: heap corruption via negative pointer in dng_simple_image::Trim due to DefaultCropArea logic error project-zero.issues.chromium…

V8 Sandbox Bypass: Memory corruption during BigInt division project-zero.issues.chromium…

Adobe DNG SDK: integer overflow in dng_pixel_buffer::OptimizeOrder leads to out-of-bounds memory access project-zero.issues.chromium…

Adobe DNG SDK: out-of-bounds write in dng_render_task::ProcessArea due to coordinate system confusion project-zero.issues.chromium…

Windows: WinLogon WlAccessabilitypDeleteSATKey Registry Deletion EoP project-zero.issues.chromium…

Windows: ATBroker CopySettingsToLockedDesktop Information Disclosure project-zero.issues.chromium…

Windows: OSK Shared Session Key EoP project-zero.issues.chromium…

vpu driver allocation and free of dmabuf and iova can race causing UAF read project-zero.issues.chromium…

V8 Sandbox Bypass: Memory corruption during StringToBigInt conversion project-zero.issues.chromium…

V8 Sandbox Bypass: Arbitrary bytecode execution due to BytecodeArray swapping before code deoptimization project-zero.issues.chromium…

vpu driver open and close instance ioctls race causing UAF project-zero.issues.chromium…
