Search results for: GitHub Pages

A development container allows you to create a full-featured development environment to use in your codespace. Codespaces use the devcontainer.json file to define the environment you will be working in…

We’ve been responding to your feedback – here’s a recap of some changes recently made to Dependabot alerts. Dependabot Alerts details pages now auto-magically refresh after PR generation attempts are…

A tour of recent work to re-engineer Git’s garbage collection process to scale to our largest and most active repositories.

We’ve been gearing up to launch GitHub Universe 2022 and our community has been launching cool projects left right and center.  These projects include everything from world-changing technology to developer…

This blog series will examine Git’s internals to help make your engineering system more efficient. Part I discusses how Git stores its data in packfiles using custom compression techniques.

Marketing your open source project can be intimidating, but three experts share their insider tips and tricks for how to get your hard work on the right people’s radars.

In this post I’ll exploit CVE-2022-20186, a vulnerability in the Arm Mali GPU kernel driver and use it to gain arbitrary kernel memory access from an untrusted app on a Pixel 6. This then allows me to gain root and disable SELinux. This vulnerability highlights the strong primitives that an attacker may gain by exploiting errors in the memory management code of GPU drivers.

In this post I’ll exploit CVE-2022-1134, a type confusion in Chrome that I reported in March 2022, which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. I’ll also look at some past vulnerabilities of this type and some implementation details of inline cache in V8, the JavaScript engine of Chrome.

In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices and how they affect the exploit.

Discover how GitHub thinks about browser support, look at usage patterns, and learn about the tools we use to make sure our customers are getting the best experience.

How to interview for skill, not spare time.

We’re excited to announce some big improvements to our REST API documentation. We know developers rely on this documentation to integrate with GitHub, and we are committed to making it trustworthy, easy to find, and easy to use.

Another new release of Git is here! Take a look at some of our highlights on what’s new in Git 2.36.

Each month, we highlight open source projects that have shipped major updates. These include everything from world-changing technology to developer tooling, and weekend projects. Here are our top staff picks…

All npm accounts that do not have two-factor authentication (2FA) enabled will now receive an email with a one-time password (OTP) when authenticating through either the npmjs.com website or the…

Today, we’re shipping improvements to Dependabot alerts that help you more easily understand and remediate vulnerabilities from dependencies in your codebase. Persisted Dependabot alerts Developers can now view alerts that…

With the successful liftoff of the James Webb Space Telescope, we ask our very own Arfon Smith about the history of open source and space science.

How to exploit a double-free vulnerability in Ubuntu’s accountsservice (CVE-2021-3939)

Today we’re introducing enhanced login verification to the npm registry, and we will begin a staged rollout to maintainers beginning Dec 7.

This post is a technical analysis of a recently disclosed Chrome vulnerability in the garbage collector of v8 (CVE-2021-37975) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 30, 2021 in Chrome version 94.0.4606.71. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.

In this post, I’ll exploit a use-after-free (CVE-2021-30528) in the Chrome browser process that I reported to escape the Chrome sandbox. This is a fairly interesting bug that shows some of the subtleties involved in the interactions between C++ and Java in the Android version of Chrome.