Writeups
Google Accounts/GAIA XSRF
Google Issue Tracker leak (Fixed)
Identify Tor user across browser restarts (Fixed)
leet.cc account takeover (old bug)
Google Extensions (Awarded $18833.7)
Insecure sandbox on Colaboratory (Awarded $1337, Not Fixed)
googlesource.com access_token leak (Awarded $7500)
CCAI
NoScript
Proton part 2
Google XSS
PDF Page count leak (Awarded $500)
SponsorBlock
AutoFill UI spoof (Awarded $1000)
Proton
Android Crash and UI spoof (Not fixed)
Download limit bypass (Fixed)
Sandbox escape (Awarded $2500)
XSS in native browser UI (Awarded $500)
URL Spoof (Awarded $1000)
Email storage leaking ticket-attachments (Awarded $5000)
Performance API time travel on redirect. (Fixed)
Partitioned HTTP Cache Bypass (Not fixed)
Cross-origin URL disclosure via "history.length" (Awarded $5000)
Gmail XS-Search (Fixed, I hope)
crossOriginIsolated bypass (Awarded $3000)
Google Cloud Shell XSS (Awarded $5000)
Embed users content from Google Cloud Shell in remote iframes (Fixed)
RSS Feed
Chromium reports
Credits
X
Discord
YouTube
This website may store Cookies and use Google Analytics, Opt-out via the
Google Analytics Opt-out Add-on
and
contact me
regarding data deletion.