Repository for information about 0-days exploited in-the-wild.
Home Page: https://googleprojectzero.github.io/0days-in-the-wild
License: Apache License 2.0
This repository is a reference of documents about 0-day vulnerabilities detected as exploited in-the-wild. It includes both root cause analyses (RCAs) for each 0-day exploit as well as a table tracking each 0-day.
These documents are intended to be viewed via the Github Pages: https://googleprojectzero.github.io/0days-in-the-wild
This is not an officially supported Google product.
is real CVE-2021-30858 writeup still coming?
Almost 3 months passed, did it get cancelled or something?
Looking forward to hearing new info about it.
Thanks and keep up the good work!
https://github.com/googleprojectzero/0days-in-the-wild/blob/main/0day-RCAs/2020/CVE-2020-15999.md
contains the text "a Chrome-specific UAF (CVE-2020-16010)"
However CVE-2020-16010 (https://github.com/googleprojectzero/0days-in-the-wild/blob/main/0day-RCAs/2020/CVE-2020-16010.md) describes itself as a "Heap Buffer Overflow". Its description also reads like a heap overflow, so I believe it's the CVE-2020-15999 page which is in error, not the CVE-2020-16010 page.
On https://googleprojectzero.github.io/0days-in-the-wild/rca.html there is a
<head>
...
<link type="application/atom+xml" rel="alternate" href="https://googleprojectzero.github.io/0days-in-the-wild/0days-in-the-wild/feed.xml" title="0-days In-the-Wild" />
</head>
Tag, indicating that an RSS feed exists there, however, the link 404's because the /0days-in-the-wild part is duplicated. Visiting https://googleprojectzero.github.io/0days-in-the-wild/feed.xml also appears to show incorrect paths, and no results. Should an RSS feed of the 0days show the results from the page? Or is this not to be expected.
In the CVE-2021-1647 RCA, when describing malicious sample with a SHA256 hash of 6e1e9fa0334d8f1f5d0e3a160ba65441f0656d1f1c99f8a9f1ae4b1b1bf7d788 it says its headers are "[ (0,0), (0,0), (0x2000,0), (0x2000,0x3000) ]" (which I took to mean the 0th section header was an RVA of 0, size of 0, etc up through RVA 0x2000, size 0x3000). However, when opening the 6e1e9fa0334d8f1f5d0e3a160ba65441f0656d1f1c99f8a9f1ae4b1b1bf7d788 sample from https://bazaar.abuse.ch/sample/6e1e9fa0334d8f1f5d0e3a160ba65441f0656d1f1c99f8a9f1ae4b1b1bf7d788/ , the section headers do not match those described in the post. I'm wondering why this is the case?
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.