Tim Willis

Some personal news: I'm thrilled to be moving back to Project Zero! Specifically I'll be joining the Big Sleep project to find vulnerabilities in JavaScript engines. We've already found and reported our first vulnerability in V8 last week: issuetracker.google.com/issues/4362107…

If you've been keeping track on the Big Sleep bug tracker at goo.gle/bigsleep you might have noticed it lists more bugs now compared to last week. Including a "High impact issue in V8" :)

That time when @tehjh was just reviewing a new Linux kernel feature, found a security vuln, then went on a journey to see if he could exploit it from inside the Chrome Linux Desktop renderer sandbox (spoiler: very yes) googleprojectzero.blogspot.com/2025/08/from-c…

Today @Google Project Zero announced a new trial policy: Reporting Transparency. We’ll now share when we report a security vuln to a vendor within 1 week including products + deadlines. Goal: shrink the patch gap + drive faster, safer updates for users: googleprojectzero.blogspot.com/2025/07/report…

Great to see this live! Let's see how the trial pans out 🍿👀

Part 7 (!) of @j00ru's Windows Registry adventure is now live: googleprojectzero.blogspot.com/2025/05/the-wi… "I will describe the various areas that are important in the context of low-level security research... all possible entry points to attack the registry... and the primitives they generate"🙌

For those that won't be in Germany next weekend to see @dillon_franke live, this is the next best thing! (post also includes Dillon's fuzzing harness and tools Dillon built along the way) 🎉

...and now, introducing Part 6 of @j00ru's work on the Windows Registry: googleprojectzero.blogspot.com/2025/04/the-wi… 📖👀

@i41nbeer's dive into BLASTPASS, over a year in the making: googleprojectzero.blogspot.com/2025/03/blasti… "This is the second in-the-wild NSO exploit which relied on simply renaming a file extension to access a parser in an unexpected context which shouldn't have been allowed."

Two new posts from @tiraniddo today: googleprojectzero.blogspot.com/2025/01/window… on reviving a memory trapping primitive from his 2021 post. googleprojectzero.blogspot.com/2025/01/window… where he shares a bug class and demonstrates how you can get a COM object trapped in a more privileged process. Happy Reading! 📚

@B_Shamshirsaz base salary is listed on the job ad 👍

@itswillis And how much is the salary for this role?

It doesn't happen very often, but Project Zero is hiring! goo.gle/41DBQBY Please share with anyone you think would be awesome for the role 🎉 Looking for at least one person. DMs open if you want to reach out about the role. The team: youtu.be/My_13FXODdU

@B_Shamshirsaz ideally looking for that rare human that can do 0day vuln research on top-shelf products, perhaps some exploit dev as well... mixed with someone who can stay humble and share knowledge to help vuln reserach/software devs/colleagues. I lead a team of them - looking for 1 more!🦄

@itswillis Tim, what exactly you want to be done? 😉

@jackfromeast @sajjadium Unfortunately not for 2025 (northern hemisphere summer) at this stage - I'll shout out if that changes

@itswillis @sajjadium Hey, is your group looking for 2025 summer interns?

Part 5 of @j00ru's Windows Registry Adventure is out! googleprojectzero.blogspot.com/2024/12/the-wi… Incredible depth of knowledge on display, and good to see it shared as a reference with the world ❤️

Great to see Apple quickly patch the MacOS sandbox escape/privilege escalation vulnerability I reported to them. Big thanks to @NedWilliamson, @i41nbeer, and @i41nbeer for all the help :) I'm working on a blog post and hope to release it soon!!

My blog post is now live alongside @amnesty 's joint release, providing remarkable insight into an ITW exploitation campaign! googleprojectzero.blogspot.com/2024/12/qualco… Turns out that you can find out quite a bit with just some kernel stacktraces ;) From Amnesty: securitylab.amnesty.org/latest/2024/12…

If you've ever wondered if one can determine a vuln from just the kernel panic logs, @__sethJenkins (feat. @tehjh & @benoitsevens) have something to share: googleprojectzero.blogspot.com/2024/12/qualco… Great to collaborate with @amnesty, find vulns and get them fixed: securitylab.amnesty.org/latest/2024/12…

Finding 0day is not the most impactful thing that Project Zero does 😲 — it's sharing knowledge 🧠. One part of that sharing is our tooling work to help other devs and reserachers. Today's installment, @tiraniddo's updated OleView.NET👍 Blog: googleprojectzero.blogspot.com/2024/12/window…

@ifsecure's latest blog + tooling on Apple kernel extension fuzzing (including with shoutouts to other projects in this space). Sharing is caring ❤️