Chrome Fuzzathon starts today!
Max Moroz
Hi everyone,
Let me inform you that today we are starting the first-ever Chrome Fuzzathon, the dates of Fuzzathon are 15 Aug - 15 Sep.
Fuzzathon encourages developers like you to write target functions (or, a unittest-style fuzzer) for Chrome and its components. The main goals of this activity are (1) increase test coverage of Chrome (via more fuzzers running 24/7 on ClusterFuzz) and (2) demonstrate that writing a target function is no harder than writing a unittest, but may be more impactful!
To learn more, please check out our recent blogpost in Google Security Blog and documentation on using LibFuzzer in Chrome.
We have the following nominations for the top performers:
The most productive fuzzer (a target function that finds more bugs that any other fuzzer)
The fastest fuzzer (a target function with the highest executions per second value)
The highest coverage fuzzer (a target function with the highest coverage value, measured in % of edges)
The best fuzzer writer (a developer whose target functions find more bugs than all target functions of any other developer do)
The most fertile fuzzer writer (a developer who lands more target functions than any other developer)
On behalf of Chrome Security and Chrome Stability, please join the Fuzzathon!
Thanks,
Max
Chrome Security Bugs--
Max
Two weeks have passed since start of the first-ever Chrome Fuzzathon. Some statistics so far:
9 new target functions (i.e. fuzzers) landed
7 developers participated
13 bugs found
3 of them already fixed!
2 bugs in documentation reported and fixed
Another interesting change: FuzzedDataProvider class moved from //net to //base and can be easily used to fuzz any part of Chromium (example). It may be helpful when you need to split the data (to randomize values of some flags, for example) in your target function.
We are happy to see your activity, your feedback and looking forward to you landing more fuzzers and finding more bugs! We have almost 3 weeks to do more!
