2025-09-11, Main hall
Just as Vulnerability Research is an important area of focus at Google, so is Vulnerability Response to critical and complex security vulnerabilities.
These responses not only safeguard the security of Google's products and users but also, in certain instances, extend their reach to millions of devices connected to the Internet, including the case I'm going to share here in detail.
In this talk, I'd like to go through a recent incident at Google, including technical details, in which I was the global lead. The incident involves the discovery by a Google security researcher of a critical CPU vulnerability (Reptar) and the extensive remediation efforts across all of Google's products and systems.
The incident presented a confluence of intriguing technical challenges and unique operational complexities. I plan to elaborate on the strategies employed by Google to address these challenges effectively, emphasizing the time constraints and pressures under which we operated.
I'm a Security Engineer at Google, currently specializing in researching, identifying and remediating critical vulnerabilities in Google's systems & products. I'm also part of the team managing Google's Bughunter Vulnerability Rewards Program.
I've been working in the cybersecurity space since 2007. I've worked at Apple, Meta, Microsoft and now Google.