Google has open sourced its fuzzing infrastructure ClusterFuzz that the tech giant developed to find memory corruption bugs in the Chrome browser.
ClusterFuzz is a scalable fuzzing tool that can run on clusters with more than 25,000 cores.
The platform has been available as a free service to open source projects through the OSS-Fuzz service.
“Fuzzing is an automated method for detecting bugs in software that works by feeding unexpected inputs to a target program. It is effective at finding memory corruption bugs, which often have serious security implications.” reads a blog post published by Google.
“Manually finding these issues is both difficult and time consuming, and bugs often slip through despite rigorous code review practices. For software projects written in an unsafe language such as C or C++, fuzzing is a crucial part of ensuring their security and stability.”
The fuzzing test methodology is effective in detecting bugs in software on a large scale, especially when it is directly integrated with the development process.
ClusterFuzz was created more than 8 years ago to provide end-to-end automation, from bug detection, to triage (accurate deduplication, bisection), to bug reporting, and finally to automatic closure of bug reports.
Google confirmed that to date, ClusterFuzz discovered over 16,000 vulnerabilities in Chrome and more than 11,000 vulnerabilities across more than 160 open source projects integrated with OSS-Fuzz.
“It is an integral part of the development process of Chrome and many other open source projects. ClusterFuzz is often able to detect bugs hours after they are introduced and verify the fix within a day.” continues the blog post.
“Check out our GitHub repository. You can try ClusterFuzz locally by following these instructions.”
ClusterFuzz can be also installed locally on a computer cluster.
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – ClusterFuzz, hacking)
[adrotate banner=”5″] [adrotate banner=”13″]
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows flaws to its Known Exploited…
Ivanti addressed two Endpoint Manager Mobile (EPMM) software vulnerabilities that have been exploited in limited…
Microsoft Patch Tuesday security updates for May 2025 addressed 75 security flaws across multiple products, including…
Fortinet fixed a critical remote code execution zero-day vulnerability actively exploited in attacks targeting FortiVoice…
Interlock Ransomware 's attack on a defense contractor exposed global defense supply chain details, risking…
Marks and Spencer (M&S) confirms that threat actors stole customer data in the ransomware attack…
This website uses cookies.