Google Employee Makes Cross_Fuzz Security Tool Public

A Google security researcher has publicly released a new tool that previously allowed developers to uncover up to 100 security bugs in a range of web browsers across the market.

The cross_fuzz tool released by Polish Google employee and researcher Michal Zalewski, helps companies and developers to discover flaws in web browsers and quickly patch them before they can be exploited.

In a post on his personal blog, Zalewski said that he believes it is vital to distribute the tool after finding that at least one of the vulnerabilities pinpointed by cross_fuzz may be widely known, after discovering that a Chinese third party had knowledge of a flaw found by the tool in Microsoft's Internet Explorer.

“I have reasons to believe that the evidently exploitable vulnerability discoverable by cross_fuzz, and outlined in msie_crash.txt, is *independently* known to third parties in China,” he wrote in a separate blog post.