Home / Security / Page 9

Security

Resources for securing your supply chain, building more secure applications, and staying up-to-date with the latest vulnerability research. Get comprehensive insights into the latest security trends—and news from the GitHub Security Lab. You can also check out our documentation on code security on GitHub to find out how to keep your code and applications safe.

One day short of a full chain: Part 1 – Android Kernel arbitrary code execution

In this series of posts, I’ll go through the exploit of three security bugs that I reported, which, when used together, can achieve remote kernel code execution in Qualcomm’s devices by visiting a malicious website in a beta version of Chrome. In this first post, I’ll exploit a use-after-free in Qualcomm’s kgsl driver (CVE-2020-11239), a bug that I reported in July 2020 and that was fixed in January 2021, to gain arbitrary kernel code execution from the application domain.

One day short of a full chain: Part 2 – Chrome sandbox escape

In this second post of the series, I’ll exploit a use-after-free in the Payment component of Chrome (1125614/GHSL-2020-165), a bug that I reported in September 2020 that only affected version 86 of Chrome, which was in beta. I’ll use it to escape the Chrome sandbox to gain privilege of a third party App on Android from a compromised renderer.

The world's largest developer platform

Docs

Docs

Everything you need to master GitHub, all in one place.

GitHub

GitHub

Build what’s next on GitHub, the place for anyone from anywhere to build anything.

Customer stories

Customer stories

Meet the companies and engineering teams that build with GitHub.

Work at GitHub!

Work at GitHub!

Check out our current job openings.