Google Project Zero security engineer Mateusz Jurczyk, one of the leading experts in font-related security bugs [1, 2, 3], developed a tool named “Broken Type”, an internal tool that helps security researchers find security bugs in font display.
Broken Type is a respectable and battle-tested fuzzer. A fuzzer is a special tool that feeds a software application large quantities of random data and analyzes the output for abnormalities, so that developers can identify bugs. Broken Type similarly helps security researchers identify vulnerabilities that affect the libraries used for rendering TrueType and OpenType fonts, the two most widespread font formats in use today.
Jurczyk also mentioned that, due to the crucial importance and prevalence of font rasterization libraries in practically every desktop and mobile device, font security issues are highly sought after by attackers. One vulnerability alone gives threat actors a chance to target a multitude of OS versions and platforms, and it can also affect rasterization libraries embedded in more complex software such as Firefox or Adobe Reader, just to name a few.
He also recalled the major font-related security issues that have affected Windows users in recent years, such as those reported in 2013, 2015, 2016, 2017, and even this year, in 2018.
This is not the first time that Google engineers have open-sourced a fuzzing tool.
Google released a fuzzing tool named Flayer back in 2007. At the time, Google engineers used it to find several bugs in projects like OpenSSH, OpenSSL, LibTIFF, and libPNG. Engineers later open-sourced two other fuzzers, Syzkaller and OSS-Fuzz, one for fuzzing OS kernel components and the other for fuzzing more mundane, run-of-the-mill open source projects and libraries.
Jurczyk concluded by mentioning that Google open-sourced Domato in the last months of 2017, a fuzzer that can find vulnerabilities in modern browsers and that helped Domato's engineers identify and report 31 security bugs in modern browsers, most of which were found in Safari.