Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641)
Today, in coordination with Ilya Lipnitskiy (the maintainer of libcue) and the distros mailing list, the GitHub Security Lab is disclosing CVE-2023-43641, a memory corruption vulnerability in libcue....
Getting RCE in Chrome with incomplete object initialization in the Maglev...
In this post I’ll exploit CVE-2023-4069, a type confusion vulnerability that I reported in July 2023. The vulnerability—which allows remote code execution (RCE) in the renderer sandbox of Chrome by a...
Cybersecurity spotlight on bug bounty researcher @Ammar Askar
The GitHub bug bounty team is excited to close out Cybersecurity Awareness Month with another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program,...
Securing our home labs: Home Assistant code review
Introduction In July, the GitHub Security Lab team conducted a collaborative review of one of our favorite software pieces. While it’s not uncommon for our Security Lab researchers to work together on...
Addressing post-quantum cryptography with CodeQL
When you hear the words, “quantum computing,” it sounds like something out of a science fiction movie. Yet in recent years, quantum computing has become a hot topic, especially in the world of...
Cueing up a calculator: an introduction to exploit development on Linux
In this follow-up to my previous blog post, I’ll explain how to exploit CVE-2023-43641 (a memory corruption vulnerability in libcue) to create a reliable 1-click RCE on Ubuntu 23.04 and Fedora 38. I...
Securing our home labs: Frigate code review
At GitHub Security Lab, we are continuously analyzing open source projects in line with our goal of keeping the software ecosystem safe. Whether by manual review, multi-repository variant analysis, or...
Gaining kernel code execution on an MTE-enabled Pixel 8
In this post, I’ll look at CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported to Arm on November 15, 2023 and was fixed in the Arm Mali driver version r47p0, which was released publicly...
Security research without ever leaving GitHub: From code scanning to CVE via...
Hello fellow readers! Have you ever wondered how the GitHub Security Lab performs security research? In this post, you’ll learn how we leverage GitHub products and features such as code scanning,...
CodeQL zero to hero part 3: Security research with CodeQL
I’ve written a bit in the past about static analysis (CodeQL zero to hero part 1: Fundamentals of static analysis) and basics of writing CodeQL queries (CodeQL zero to hero part 2: Getting started...
Execute commands by sending JSON? Learn how unsafe deserialization...
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog...
Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object...
In this post, I’ll exploit CVE-2024-3833, an object corruption bug in V8, the JavaScript engine of Chrome, that I reported in March 2024 as bug 331383939. A similar bug, 331358160, was also reported...
Cybersecurity spotlight on bug bounty researcher @imrerad
As we kick off Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to spotlight one of the top performing security researchers who participates in the GitHub Security Bug Bounty...
10 years of the GitHub Security Bug Bounty Program
Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years...
Cybersecurity spotlight on bug bounty researcher @adrianoapj
As we wrap up Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to spotlight one of the top performing security researchers who participates in the GitHub Security Bug Bounty...