Natalie Silvanovich

@[email protected]
1,061 Followers
129 Following
77 Posts
Tamagotchi hacker. Google Project Zero. she/her
Natalie Silvanovich3d ago

There’s a little piece of my heart that beats just for Spanify

https://groups.google.com/a/chromium.org/g/chromium-dev/c/iEy69ygz-rs

Introducing Spanification

Natalie SilvanovichApr 13

Amazing work by Meta implementing fast and robust WebRTC updates!

“We can’t push updates because …” can often be solved with investment and innovative engineering

https://engineering.fb.com/2026/04/09/developer-tools/escaping-the-fork-how-meta-modernized-webrtc-across-50-use-cases/

Escaping the Fork: How Meta Modernized WebRTC Across 50+ Use Cases

At Meta, WebRTC powers real-time audio and video across various platforms. But forking a large open-source project like WebRTC within our monorepo presents unique challenges – over time, an interna…

Engineering at Meta
Natalie SilvanovichMar 31
Just put a reminder in my calendar for November 1, 2026 to check whether we still have bugs
Natalie SilvanovichMar 5

Ivan Fratric shares some tips and tricks for grammar fuzzing

https://projectzero.google/2026/03/mutational-grammar-fuzzing.html

On the Effectiveness of Mutational Grammar Fuzzing

Mutational grammar fuzzing is a fuzzing technique in which the fuzzer uses a predefined grammar t...

Natalie SilvanovichMar 4
Natalie SilvanovichJan 30

Our intrepid 20%-er @dillonfranke exploited a vulnerability in CoreAudio. See his process for gaining privilege escalation on a Mac:

https://projectzero.google/2026/01/sound-barrier-2.html

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529 - Project Zero

In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-...

Show threadNatalie SilvanovichJan 15
Make sure to check out the full series here: https://projectzero.google/2026/01/pixel-0-click-part-1.html
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby - Project Zero

Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One ef...

Show threadNatalie SilvanovichJan 15
Supply-chain issues also played a role: both vulnerabilities were patched very slowly, due to a variety of factors including bug prioritization, licensing and communication between vendors.
Show threadNatalie SilvanovichJan 15

Attack surface reduction is also important— the UDC is largely used by commercial media like TV shows, most devices don’t even have an encoder.

Does it really need to be 0-click?

Show threadNatalie SilvanovichJan 15
IMO, the biggest takeaway from this research is the huge promise shown by memory mitigations, both hardware and software, in protecting users against 0-days.