-
Cameyo XSS
-
Android lock screen data leak (Awarded $500)
-
Nuance Library XSS
-
EqualWeb UXSS
-
Google XSS part 2
-
Miscellaneous
-
XS-Search on Google Photos
-
Office Editing for Docs, Sheets & Slides leak (Awarded $3133.70)
-
NoScript part 2
-
lyra.horse XSS
-
UAC Spoof (Not Fixed)
-
SOP bypass in Google Scholar PDF Reader (Fixed)
-
Chromium infra
-
idx.google.com XSS (Awarded $3133.70)
-
Leaking the locations of the top Google VRP Bug hunters
-
Android web attack surface
-
Google Accounts/GAIA XSRF
-
Google Issue Tracker leak (Fixed)
-
Identify Tor user across browser restarts (Fixed)
-
leet.cc account takeover (old bug)
-
Google Extensions (Awarded $18833.7)
-
Insecure sandbox on Colaboratory (Awarded $1337, Not Fixed)
-
googlesource.com access_token leak (Awarded $7500)
-
CCAI
-
NoScript
-
Proton part 2
-
Google XSS
-
PDF Page count leak (Awarded $500)
-
SponsorBlock
-
AutoFill UI spoof (Awarded $1000)
-
Proton
-
Android Crash and UI spoof (Not fixed)
-
Download limit bypass (Fixed)
-
Sandbox escape (Awarded $2500)
-
XSS in native browser UI (Awarded $500)
-
URL Spoof (Awarded $1000)
-
Email storage leaking ticket-attachments (Awarded $5000)
-
Performance API time travel on redirect (Fixed)
-
Partitioned HTTP Cache Bypass (Not fixed)
-
Cross-origin URL detection via "history.length" (Awarded $5000)
-
Gmail XS-Search (Fixed)
-
crossOriginIsolated bypass (Awarded $3000)
-
Google Cloud Shell XSS (Awarded $5000)