Tenable, the exposure management company, has identified a vulnerability in Google’s open-source code review system, Gerrit, dubbed GerriScary. The vulnerability allowed unauthorised code submission to at least 18 major Google projects, including ChromiumOS (CVE-2025-1568), Chromium, Dart, and Bazel. GerriScary could have allowed attackers to submit unauthorised code revisions to existing change requests, bypassing manual approvals and enabling malicious code injection into major projects.
Showing posts with label GerriScary. Show all posts
Showing posts with label GerriScary. Show all posts
04 July 2025
Subscribe to:
Posts (Atom)