To empower the next generation of Android security researchers, Google has collaborated with industry partners including HackerOne and PayPal to host a number of Android App Hacking Workshops.

Private Set Membership considers the scenario in which Google holds a database of items, and user devices need to contact Google to check whether a specific item is found in the database.

Google will collaborate with the National Institute of Standards and Technology to support and develop a new framework that will help improve the security and integrity of the technology supply chain.

Google announced that the Android Open Source Project (AOSP) now supports the Rust programming language for developing the OS itself to prevent memory safety vulnerabilities.

Google announced the formation of the Android Ready SE Alliance. SE vendors are joining hands with Google to create a set of open-source, validated, and ready-to-use SE Applets.

Google has published the proof-of-concept (PoC) code that confirms the practicality of Spectre exploits against JavaScript engines. The PoC code is expected to work against all modern browsers.

For consumers of open source software, it is often difficult to map a vulnerability such as a Common Vulnerabilities and Exposures (CVE) entry to the package versions they are using.

The security of open source software has rightfully garnered the industry’s attention, but solutions require consensus about the challenges and cooperation in the execution.

Now, Chrome is giving Advanced Protection users the ability to send risky files to be scanned by Google Safe Browsing’s full suite of malware detection technology before opening the file.

Turning on Enhanced Safe Browsing will substantially increase protection from dangerous websites and downloads.