Please RT to people you know who run such programs. I assume you know a vulnerability when you see one? No need for people to spell it out.https://twitter.com/berendjanwever/status/808594443670618112 …
-
-
Replying to @berendjanwever
IIRC, the Chromium program resolves this: submit the bug ASAP and then "upgrade" to an exploit later if you want.
1 reply 0 retweets 3 likes -
Replying to @scarybeasts
Sure. they also try to fix bugs in days if not hours. I am never going to write an exploit faster than they can write a patch.
1 reply 0 retweets 1 like -
Replying to @berendjanwever @scarybeasts
Unless they allow me to write a PoC after the fix.
1 reply 0 retweets 0 likes -
Replying to @berendjanwever
Try reading the details ;-) https://www.google.com/about/appsecurity/chrome-rewards/index.html … TL;DR: you get at least a few weeks.
1 reply 0 retweets 1 like
Replying to @scarybeasts
That's nice. I've got projects running until halfway through February. So if I report at end of January, I may have a shot.
1:01 AM - 13 Dec 2016
0 replies
0 retweets
0 likes
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.