Congrats to fluoroacetate , you guys are really incredible! Seems Chrome become the winner in Browser Security again, but together with Melody Chan , ZhenFeng, and jessica_ , we successfully pwned it in a reliable success rate :) youtu.be/FjbrtTePn-c

respect

Learned a lot from dw's work

CVE-2017-5121 Escape Analysis exp101t.blogspot.com/2019/04/cve-20…

太厉害了！

New blogpost by Jeremy Fetiveau "Circumventing Chrome's hardening of typer bugs" doar-e.github.io/blog/2019/05/0…

Project Zero guest blog: "Trashing the Flow of Data" by Stephen Röttger (stephen) - googleprojectzero.blogspot.com/2019/05/trashi…

WebKit: github.com/WebKit/webkit/… , Chromium bugs will be public after 14 weeks.

記得你是何時加入 Twitter 的嗎？我記得！#我的Twitter週年紀念日

bugs.chromium.org/p/chromium/iss… bugs.chromium.org/p/chromium/iss… wow

long time no see

I'm going to give my talk at 11:15 in islander EI about chrome security. Hope to see you there! #BHUSA

JSC: JIT: A bug in ArgumentsEliminationPhase::transform bugs.chromium.org/p/project-zero…

amazing

My last week in KeenLab. Thanks for all friends. Thank Gengming Liu and Liang Chen for bringing me here.

A journey into IonMonkey: root-causing CVE-2019-9810. doar-e.github.io/blog/2019/06/1…

New tricks necessary for debugging v8 with lldb recently: To map the source: (lldb) settings set target.source-map "../../" "/path/to/v8/dir" Somehow v8::internal::Object is now ambiguous, so: (lldb) p _v8_internal_Print_Object(*((void**)(v8_local.val_)))

iOS on QEMU. Super cool project: alephsecurity.com/2019/06/25/xnu… With Checkm8, and this, there's no real need for 'research devices'. The only thing left is to #FreeTheSandbox on PAC enabled prod devices and we're set.

a POC trigger for my CVE-2020-9768, Apple description is not acurate, this is a kernel bug in AppleJPEGDriverUserClient gist.github.com/0x36/3c9e77058…