Writeups
SponsorBlock
AutoFill UI spoof (Awarded $1000)
Proton
Android Crash and UI spoof (Not fixed)
Download limit bypass (Fixed)
Sandbox escape (Awarded $2500)
XSS in native browser UI (Awarded $500)
URL Spoof (Fixed)
Email storage leaking ticket-attachments (Awarded $5000)
Performance API time travel on redirect. (Fixed)
Partitioned HTTP Cache Bypass (Not fixed)
Cross-origin URL disclosure via "history.length" (Awarded $5000)
Gmail XS-Search (Fixed, I hope)
crossOriginIsolated bypass (Awarded $3000)
Google Cloud Shell XSS (Awarded $5000)
Embed users content from Google Cloud Shell in remote iframes (Not fixed)
Subscribe
via RSS