This post is a technical analysis of a recently disclosed Chrome vulnerability in the garbage collector of v8 (CVE-2021-37975) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 30, 2021 in Chrome version 94.0.4606.71. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.
Secret scanning no longer supports Azure SQL connection strings in private repos
We sat down with Universe hosts Lorena Mesa and Jarryd McCree for a quick Q&A to help you make the most out of your conference experience this year.
Checkout.com and FullStory are now GitHub secret scanning partners
Today, we’re adding a proxy on top of the GitHub Advisory Database that speaks the `npm audit` protocol. This means that every version of the npm CLI that supports security audits is now talking directly to the GitHub Advisory Database.
The npm advisory database is now part of the GitHub Advisory Database
Manage your company in the cloud with more control and governance using enterprise managed users.
In this post, I’ll exploit a use-after-free (CVE-2021-30528) in the Chrome browser process that I reported to escape the Chrome sandbox. This is a fairly interesting bug that shows some of the subtleties involved in the interactions between C++ and Java in the Android version of Chrome.
GitHub Enterprise Cloud Services continuity plan now available for self-service
GitHub Enterprise Server 3.2 is now generally available
This release brings over 70 new features and changes that improve developer experience and deliver new security capabilities.
As part of GitHub’s strong commitment to developer privacy, we are excited to announce updates to our privacy agreements in line with new legal requirements and our own robust data protection practices.
This post is a technical analysis of a recently disclosed Chrome JIT vulnerability (CVE-2021-30632) that was believed to be exploited in the wild. This vulnerability was reported by an anonymous researcher and was patched on September 13, 2021 in Chrome version 93.0.4577.82. I’ll cover the root cause analysis of the bug, as well as detailed exploitation.
GitHub Advisory Database now includes Rust advisories
npm access tokens will now follow the established format of GitHub authentication tokens.
We’re excited to announce that the GitHub Advisory Database now includes curated security advisories on the Rust ecosystem!
Build what’s next on GitHub, the place for anyone from anywhere to build anything.
