Google has open sourced its fuzzing infrastructure ClusterFuzz that the tech giant developed to find memory corruption bugs in the Chrome browser.
ClusterFuzz is a scalable fuzzing tool that can run on clusters with more than 25,000 cores.
The platform has been available as a free service to open source projects through the OSS-Fuzz service.
“Fuzzing is an automated method for detecting bugs in software that works by feeding unexpected inputs to a target program. It is effective at finding memory corruption bugs, which often have serious security implications.” reads a blog post published by Google.
“Manually finding these issues is both difficult and time consuming, and bugs often slip through despite rigorous code review practices. For software projects written in an unsafe language such as C or C++, fuzzing is a crucial part of ensuring their security and stability.”
The fuzzing test methodology is effective in detecting bugs in software on a large scale, especially when it is directly integrated with the development process.
ClusterFuzz was created more than 8 years ago to provide end-to-end automation, from bug detection, to triage (accurate deduplication, bisection), to bug reporting, and finally to automatic closure of bug reports.
Google confirmed that to date, ClusterFuzz discovered over 16,000 vulnerabilities in Chrome and more than 11,000 vulnerabilities across more than 160 open source projects integrated with OSS-Fuzz.
“It is an integral part of the development process of Chrome and many other open source projects. ClusterFuzz is often able to detect bugs hours after they are introduced and verify the fix within a day.” continues the blog post.
“Check out our GitHub repository. You can try ClusterFuzz locally by following these instructions.”
ClusterFuzz can be also installed locally on a computer cluster.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – ClusterFuzz, hacking)
[adrotate banner=”5″] [adrotate banner=”13″]
Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…
Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…
Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…
The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…
This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…
This website uses cookies.