- How does one start acquiring skills like these? by krtkush - 2 hours ago
- Impressive. Feel like finding issues like this in such a large project is like looking for a needle in a haystack. by ad-astra - 2 hours ago
- Kind of life changing money, good to see such rewards. by high_na_euv - 2 hours ago
- "Decent." was the first word that came into my mind. After a second, I realized that 250,000 USD is basically 0.00022 % of Alphabet's (Google's?) annual net income [0]. by MrGilbert - 2 hours ago
A life changing amount of money for an individual, but nothing more than a small blip on Google's charts. Of course, I'm aware of "budgets" and "departments", and that one simply does not move funds between departments. And while my mind is on the verge of "maybe they should have paid more?", the numbers would mean that even 10x the sum would move the percentage by one decimal. It's wild how much money big corporations have.
I highly applaud the researcher for their tremendous amount of skill and dedication.
[0] https://www.reddit.com/r/google/comments/1lh0pl4/google_is_n...
- He had a pretty reliable exploit on the most used browser, pretty sure he could have gotten more tax free on the black market. by brohee - 1 hour ago
Now, with EDR widely deployed it's likely that the exploit usage ends up being caught sooner than later, but pretty sure some dictatorship intelligence agency would have found all those journalists' deep compromise worthwhile...
- Link to the reward comment: by helsinkiandrew - 1 hour ago
- “Default disclosure for this issue is 11 August. Opening this issue just five days early for visibility this particular week. :)” by strstr - 1 hour ago
Hello Defcon!
- Suppose someone wanted to dive into other projects with the ambition of finding high value bugs. Besides chromium what would you recommend or consider? What would be your thought process for deciding what projects to look into? by colbyn - 1 hour ago
- It is unfortunate that there is no web browser in a memory safe language. As I understand, both Chromium and Firefox use C++, although Firefox partly uses Rust. This has put billions of people at risk. by OutOfHere - 1 hour ago
- Sandbox escape with high-quality report in Chrome: $250k [1], yet Mozilla will offer you $20k [2] for that... by dig1 - 1 hour ago
[1] https://bughunters.google.com/about/rules/chrome-friends/574...
[2] https://www.mozilla.org/en-US/security/client-bug-bounty/
- Is there somewhere explaining this bug in terms understandable for someone not dabbling in this? by matsemann - 1 hour ago
I don't really understand how this works to "escape the sandbox". Normally it's like a website you visit that gets access it shouldn't have. But this talk about renderers and native APIs makes it seem like it's stuff another process on the computer would do?