Google hires browser hacking guru

Zalewski, a 26-year-old computer security whiz from Poland, joined the search engine giant about a week ago to work as an Information Security Engineer.

He confirmed the move via e-mail but declined to discuss specifics about the new gig.

[SEE: Google’s anti-malware team comes out of the shadows ]

The Zalewski hire is significant on several fronts. It adds a brand-name hacker to Google's security team (the company has been looking for talent at hacker cons) at a time when it is struggling to cope with gaping holes in its line of products and, in a roundabout way, stops the public release of zero-day browser vulnerabilities.

Zalewski, who has been credited in the past with finding several major vulnerabilities (buffer overflow in SendMail, weaknesses in TCP/IP ISNs, code execution hole in IE's JPG rendering) has spent most of 2007 releasing details of severe holes in Internet Explorer and Firefox -- constantly cracking the browsers' security models.

In February, Zalewski paid special attention to Mozilla Firefox. On an almost-daily basis, he published proof-of-concept exploits for zero-day bugs in the open-source and forced Mozilla security engineers to constantly work on creating patches.

[SEE: Gaping holes exposed in fully-patched IE 7, Firefox ]

Microsoft's IE did not escape Zalewski's scrunity. Last month, he dropped exploits for several serious IE vulnerabilities, some of which remain unpatched.