Writeups

• SponsorBlock

• AutoFill UI spoof (Awarded $1000)

• Proton

• Android Crash and UI spoof (Not fixed)

• Download limit bypass (Fixed)

• Sandbox escape (Awarded $2500)

• XSS in native browser UI (Awarded $500)

• URL Spoof (Fixed)

• Email storage leaking ticket-attachments (Awarded $5000)

• Performance API time travel on redirect. (Fixed)

• Partitioned HTTP Cache Bypass (Not fixed)

• Cross-origin URL disclosure via "history.length" (Awarded $5000)

• Gmail XS-Search (Fixed, I hope)

• crossOriginIsolated bypass (Awarded $3000)

• Google Cloud Shell XSS (Awarded $5000)

• Embed users content from Google Cloud Shell in remote iframes (Not fixed)

Subscribe via RSS