Bug Bytes #194 – Google’s highest bounty of 2022, making extensions and Chaos goes into beta

By travisintigriti

February 28, 2023

Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps us up to date with a comprehensive list of write-ups, tools, tutorials and resources.

This issue covers the weeks from February 20th to February 26th


Intigriti News

From my notebook

This week Google reflected on it’s vulnerability management program, which is their bug bounty program. So the first two links are their blogpost and a podcast episode which gives a little more context. Number 3 is a great introduction to how chrome extensions are created and particularly the kind of permissions you give them when you install it. Finally, the last 2 are about some specialist skills, first of hardware tools for IoT/physical device security and then a look at version control using .git and how that became an RCE.

  1. Vulnerability Reward Program: 2022 Year in Review

  2. EP109 How Google Does Vulnerability Management: The Not So Secret Secrets!

  3. Let’s build a Chrome extension that steals everything

  4. Unlocking the Secrets of IoT Security: A Comprehensive Guide to Using Hardware Tools for Bug…

  5. $10.000 bounty for exposed .git to RCE

Other Amazing Things

You may also like