Google uses 'fuzzing' to automate Chrome security tests

Google Chrome Security

With projects like Pwn2Own, Google has often made it apparent — to both users and developers — that it sees security as one of its highest priorities in regard to the Chrome browser. An update to The Chromium Blog introduces a security testing environment that it affectionately calls "ClusterFuzz." The humorously named environment uses "fuzz testing," or the distribution of millions of test cases across "several hundred" virtual machines to identify bugs en masse.

Google is stating that ClusterFuzz runs approximately 6,000 simultaneous Chrome in order to analyze crashes, identify patterns in bugs and exploits, and quickly seek out possible fixes. Exploring the specific tests and methodologies that ClusterFuzz employs can get technical in a hurry, but the "Core Principles" page of Chromium Projects is a good jumping off point for those who are curious.

ClusterFuzz was brought online at the end of last year, and since that time it has identified 95 vulnerabilities and was able to find fixes for 44 of them before they were rolled into a stable release. This rapid security testing benefits not only Google and the Chromium Project, but also open source projects WebKit and FFmpeg, where Google makes upstream contributions as bugs are discovered.

The Verge
Log In Sign Up

Log In Sign Up

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.