What is a “good” memory corruption vulnerability? (googleprojectzero.blogspot.com)
81 points by scarybeast on June 26, 2015 | hide | past | favorite | 4 comments


Especially if you're not already "read in" on how modern exploits are designed, this is a really, really excellent blog post.


Reading vulnerability and exploit analysis is (and always will be) a hobby of mine. Despite being someone that is fairly comfortable in a debugger, familiar with x86 assembly and has spent 2 decades troubleshooting complex software in large environments, the skill needed to pull off exploiting these vulnerabilities is incredible. When you take into account the work required to bypass somewhat recent developments like stack protection schemes, DEP, and ASLR, building the software to exploit these memory corruption problems is something you can spend your entire life failing at.

Sometimes, I have a hard enough time getting software to do what it's legitimately supposed to do, never mind something it's NOT supposed to do!

As a side note, there are some folks that are pretty critical of Project Zero. The argument is that Google should be using these brilliant resources on creating defensive measures rather than playing whack-a-mole.

I don't know one way or the other, but I sure enjoy reading what they post on that blog.


It is kind of scary how good the attackers are getting at exploiting code.

It must take a considerable amount of work to get proficient in analyzing and exploiting some of this code.


It definitely does take a considerable amount of work to get proficient to that level and even more to develop the intuition of where to look. It must be stated, however, that the authors of these blog posts are not attackers. They are proactively finding and demonstrating where software already in common use could be exploited by attackers.

Just like how research into cryptanalysis strengthens cryptography for everybody, research into software vulnerabilities and exploitation strengthens software security for everybody.



