anthony weems

cloud vuln research @ google

2024-10-04

Learn how Google CVR could have potentially exfiltrated Gemini 1.0 Pro before launch last year. We describe the vulnz, the fix, tips for bughunters, and how we found similar issues in another cloud provider with similar impact.

bughunters.google.com/blog/567

anthony weems boosted:
2023-01-05

We've just launched a new topic on bypassing SameSite cookie restrictions! Learn how to evade browsers' cookie defences and perform successful cross-site attacks with our interactive labs:
portswigger.net/web-security/c

anthony weems boosted:
Zack Whittaker @zackwhittaker
2022-12-01

New: Google says Variston IT, a Barcelona-based spyware vendor, is behind an exploitation framework that exploited zero-day flaws in Chrome, Firefox and Windows Defender as far back as 2018.

My colleague @carlypage has more: techcrunch.com/2022/11/30/vari

anthony weems boosted:
Sebastian Schinzel @seecurity@infosec.exchange
2022-11-18

As a side note, we discovered a Vaudenay-style padding oracle against Google Hosted S/MIME. Concretely, Google’s SMTP server issued different error codes depending on whether it successfully decrypted an S/MIME mail or not. On average, this attack requires 128 query mails per byte to recover the plaintext of an S/MIME mail. See Appendix A in the paper for the details.

2022-11-18

@gaz My main impression: the DOM Invader prototype pollution feature is almost too good. I click a button, I get an exploit. 😛

2022-11-10

Two fun #Kubernetes CVEs were published today!

CVE-2022-3294 [1] is a bypass for the node proxy restrictions (related to the TOCTOU found in CVE-2020-8562 [2]).

CVE-2022-3162 [3] is a very cool authorization bug that was caused by URI path traversal in the etcd client.

[1] github.com/kubernetes/kubernet
[2] github.com/kubernetes/kubernet
[3] github.com/kubernetes/kubernet

anthony weems boosted:
2022-11-10

We've just launched a Web Security Academy topic on Client-side prototype pollution, with challenge labs designed by @gaz - enjoy!

portswigger.net/web-security/p

anthony weems boosted:
2022-11-10

Accidental $70k Google Pixel Lock Screen Bypass - love a good accidental vulnerability! bugs.xdavidhu.me/google/2022/1
