Uncovering GStreamer secrets

In this post, I’ll walk you through the vulnerabilities I uncovered in the GStreamer library and how I built a custom fuzzing generator to target MP4 files.

The post Uncovering GStreamer secrets appeared first on The GitHub Blog.

CodeQL zero to hero part 4: Gradio framework case study

Learn how I discovered 11 new vulnerabilities by writing CodeQL models for Gradio framework and how you can do it, too.

The post CodeQL zero to hero part 4: Gradio framework case study appeared first on The GitHub Blog.

Attacking browser extensions

Learn about browser extension security and secure your extensions with the help of CodeQL.

The post Attacking browser extensions appeared first on The GitHub Blog.

Securing the open source supply chain: The essential role of CVEs

Vulnerability data has grown in volume and complexity over the past decade, but open source and programs like the Github Security Lab have helped supply chain security keep pace.

The post Securing the open source supply chain: The essential role of CVEs appeared first on The GitHub Blog.

From object transition to RCE in the Chrome renderer

In this post, I’ll exploit CVE-2024-5830, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.

The post From object transition to RCE in the Chrome renderer appeared first on The GitHub Blog.

Configure GitHub Artifact Attestations for secure cloud-native delivery

Introducing the generally available capability of GitHub Artifact Attestations to secure your cloud-native supply chain packages and images.

The post Configure GitHub Artifact Attestations for secure cloud-native delivery appeared first on The GitHub Blog.

3 ways to get Remote Code Execution in Kafka UI

In this blog post, we’ll explain how we discovered three critical vulnerabilities in Kafka UI and how they can be exploited.

The post 3 ways to get Remote Code Execution in Kafka UI appeared first on The GitHub Blog.