Carl Smith

316 posts

Carl Smith

@cffsmith

Security @Google; @FluxFingers/@Sauercl0ud; previously V8 Security, Intern {Project Zero, @XI_Research}. Personal account. https://t.co/w9zosKSHdh on Bluesky.

Switzerland, Germany, USA 参加日 Mayıs 2014

720 フォロー中1.1K フォロワー

Carl Smith がリツイート

POC_Crew@POC_Crew·3 Mar

#Zer0Con2026 - SPEAKER 🎃 Pumpkin Chang(@u1f383) from DEVCORE - “Modern Android Kernel Exploitation Through a Mali Driver Vulnerability” For more: zer0con.org

English

117

4.5K

Carl Smith がリツイート

POC_Crew@POC_Crew·3 Mar

#Zer0Con2026 - SPEAKER 🌌 Brendon Tiszka from Google Project Zero - “Researcher’s Guide to the Galaxy: Digging into Samsung 0-click, Android Messengers, DNG, and other image formats” For more: zer0con.org

English

2.8K

Carl Smith がリツイート

Samuel Groß@5aelo·29 Eki

We derestricted crbug.com/382005099 today which might just be my favorite bug of the last few years: bad interaction between WebAudio changing the CPU's handling of floats and V8 not expecting that. See #comment19" target="_blank" rel="nofollow noopener">crbug.com/382005099#comm… for a PoC exploit. Also affected other browsers

English

245

22.1K

Carl Smith がリツイート

Samuel Groß@5aelo·25 Eki

I'm pretty excited about this (POE2 in particular)! It's basically what we've been preparing for with the PKEY-based hardware sandboxing prototype for V8 (docs.google.com/document/d/1l3…)

Dmitry Vyukov@dvyukov

More HW security goodness from Arm: community.arm.com/arm-community-… vMTE (Virtual Memory Tagging) allows to use MTE in a more flexible way, consuming less RAM. POE2 allows to build efficient in-process sandboxes and isolation. More-or-less improvement over x86 Memory Protection Keys.

English

13.3K

Carl Smith がリツイート

stephen@_tsuro·10 Ağu

If you like Chrome IPC shenanigans like this, you might also enjoy my talk from black hat 25: youtu.be/qhhJCLy0YBA?si…

YouTube

xvonfers@xvonfers

Whoah... $250000 (CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplicate browser process handle -> escape sbx is now open with PoC & exploit(success rate is nearly 70%-80%) issues.chromium.org/issues/4125787… #comment11" target="_blank" rel="nofollow noopener">issues.chromium.org/issues/4125787…

English

225

37.4K

Carl Smith がリツイート

Tim Willis@itswillis·8 Ağu

That time when @tehjh was just reviewing a new Linux kernel feature, found a security vuln, then went on a journey to see if he could exploit it from inside the Chrome Linux Desktop renderer sandbox (spoiler: very yes) googleprojectzero.blogspot.com/2025/08/from-c…

English

132

23.9K

Carl Smith がリツイート

Samuel Groß@5aelo·1 Ağu

We released our Fuzzilli-based V8 Sandbox fuzzer: github.com/googleprojectz… It explores the heap to find interesting objects and corrupts them in a deterministic way using V8's memory corruption API. Happy fuzzing!

English

294

24.2K

Carl Smith がリツイート

Samuel Groß@5aelo·9 Tem

If you have a machine with PKEY support and recent Linux kernel you can now play around with hardware support for the V8 sandbox. When active, JS + Wasm code has no write permissions outside the sandbox address space. To enable, set `v8_enable_sandbox_hardware_support = true`.

English

11.4K

Carl Smith がリツイート

Samuel Groß@5aelo·3 Haz

@mistymntncop I've also updated our V8 Exploit Tracker sheet now: docs.google.com/document/d/1nj… (see the 2025 tab) :)

English

4.4K

Carl Smith がリツイート

Tim Willis@itswillis·17 Nis

...and now, introducing Part 6 of @j00ru's work on the Windows Registry: googleprojectzero.blogspot.com/2025/04/the-wi… 📖👀

Tim Willis@itswillis

Part 5 of @j00ru's Windows Registry Adventure is out! googleprojectzero.blogspot.com/2024/12/the-wi… Incredible depth of knowledge on display, and good to see it shared as a reference with the world ❤️

English

10.1K

Carl Smith がリツイート

Ian Beer@i41nbeer·26 Mar

My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp - googleprojectzero.blogspot.com/2025/03/blasti…

English

234

712

84.9K

Carl Smith がリツイート

stephen@_tsuro·25 Mar

Senior Software Engineer, V8 Bug Detection: google.com/about/careers/… Software Engineer II, V8 Bug Detection: google.com/about/careers/…

English

3.8K

Carl Smith がリツイート

stephen@_tsuro·25 Mar

V8 Security is hiring in Warsaw! If you want to work on improving our JavaScript and Wasm fuzzers, check out the links below!

English

22.5K

Carl Smith がリツイート

Ivan Fratric 💙💛@ifsecure·26 Şub

I tweeted before about the Apple CoreAudio issues found by Google TAG. Well, the fuzz harness used to find these issues is now included in Jackalope examples, see github.com/googleprojectz… . Happy fuzzing! :)

Ivan Fratric 💙💛@ifsecure

The latest Apple security update contains fixes for three CoreAudio issues (CVE-2025-24160, CVE-2025-24161, CVE-2025-24163). These were found by Google Threat Analysis Group using Jackalope fuzzer.

English

182

30.1K

Carl Smith がリツイート

Mr. Anthony 安東尼@darkfloyd1014·20 Şub

Congratulations to Carl Smith from v8 Security team and join Blackhat USA review board as guest reviewer. He is willing to share, and an open-minded, hardcore researcher and developer. @cffsmith @BlackHatEvents

English

1.4K

Carl Smith@cffsmith·4 Şub

Make sure to update to the latest swift version too!

English

1.1K

Carl Smith@cffsmith·4 Şub

Some slides discussing some of this work can be found here: powerofcommunity.net/poc2024/Carl%2…

English

1.4K

Carl Smith@cffsmith·4 Şub

I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm! Go check it out at github.com/googleprojectz…. While we still have a way to go in improving it, we think it shows a promising approach!

English

109

474

37.4K

Carl Smith がリツイート