Google’s Project Zero Exposed Zero-Day Bugs Being Exploited by Western Counterterrorism Agencies

Patrick Howell O’Neill, writing for MIT Technology Review:

Google found the hacking group exploiting 11 zero-day vulnerabilities in just nine months, a high number of exploits over a short period. Software that was attacked included the Safari browser on iPhones but also many Google products, including the Chrome browser on Android phones and Windows computers. […]

Instead of focusing on who was behind and targeted by a specific operation, Google decided to take broader action for everyone. The justification was that even if a Western government was the one exploiting those vulnerabilities today, it will eventually be used by others, and so the right choice is always to fix the flaw today.

I don’t think this was an easy decision, but I think it was the right call. Project Zero’s purpose is to find vulnerabilities and report them to get them fixed, period.

Friday, 9 April 2021