Introducing the In-the-Wild Series
This is part 1 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild.
At Project Zero we often refer to our goal simply as “make 0-day hard”. Members of the team approach this challenge mainly through the lens of offensive security research. And while we experiment a lot with new targets and methodologies in order to remain at the forefront of the field, it is important that the team doesn’t stray too far from the current state of the art. One of our efforts in this regard is the tracking of publicly known cases of zero-day vulnerabilities. We use this information to guide the research. Unfortunately, public 0-day reports rarely include captured exploits, which could provide invaluable insight into exploitation techniques and design decisions made by real-world attackers. In addition, we believe there to be a gap in the security community’s ability to detect 0-day exploits.
Chrome: Infinity Bug - https://googleprojectzero.blogspot.com/2021/01/in-wild-series-chrome-infinity-bug.html
Android Post-Exploitation - https://googleprojectzero.blogspot.com/2021/01/in-wild-series-android-post-exploitation.html