Today is day 91, so the issue is now public. I consider this relatively low severity, but you could take down an entire Windows fleet relatively easily, so it's worth being aware of. https://bugs.chromium.org/p/project-zero/issues/detail?id=1804 …
-
-
Oh, bounty part was just a humor
My point was, even Chrome can’t do 90 days deadlines for all vulnerabilities. -
I think Chrome has a pretty stellar track record on this, and can totally manage 90 days. Give me the bug number and I'll take a look, it's hard for me to believe they're sitting on a 0day for over a year.
- 12 more replies
New conversation -
-
-
Agreed. Does Google's bug bounty program not allow the submitter to make it all public after 90 days? If their terms block this, it's perhaps their right, but certainly hypocritical. I also agree 90 days is plenty for disclosure.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.