Google VRP (Google Bug Hunters)

336 posts

Google VRP (Google Bug Hunters)

@GoogleVRP

We ❤️ 🐜🐞🦗🦟🦋. {echo,{{{Google,Chrome,Android,Abuse,Mobile,OSS,Cloud}Vulnerability,Patch}Reward,VulnerabilityResearchGrants}Program}

Katılım Mart 2018

0 Takip Edilen41.4K Takipçiler

Google VRP (Google Bug Hunters)@GoogleVRP·4d

📣📢 Calling all Android and Chrome bug hunters 🧑‍💻🔎! We're updating our Android & Chrome VRP programs to ensure we can continue to reward the most challenging and impactful vulnerabilities researchers find in our products. For details, 👇 bughunters.google.com/blog/evolving-…

English

192

126.9K

Google VRP (Google Bug Hunters)@GoogleVRP·6d

Our Google Cloud VRP researchers don't want to miss this! 🔥 Check out Omer's (@omer_asfu) cross-tenant bucket squatting research.

OmerAF@omer_asfu

I achieved a cross-tenant #RCE in #GoogleCloud simply by abusing predictable bucket names. 🪣 In my latest research for @FocalSecurity, I look into "Bucket Squatting" - a cross-tenant attack that landed me 3 critical vulnerabilities in GCP. Here is how it works:

English

102

12.6K

Google VRP (Google Bug Hunters)@GoogleVRP·8 Nis

📢📢📢 Attention bug hunters! The Google VRP is updating its reward model, with a focus on the impact of vulnerabilities and the sensitivity of the data involved. To this end, we're introducing two dimensions: Information Tiers and Action Criticality. 👀👇 bughunters.google.com/blog/standardi…

English

244

20K

Google VRP (Google Bug Hunters)@GoogleVRP·31 Mar

Ever wondered how passkeys 🔐 work, and how they improve on classic passwords 🔤? For more details, see our latest post, and you'll also learn what makes passkeys particularly resistant against phishing 🐟. bughunters.google.com/blog/passkeys-…

English

10.9K

Google VRP (Google Bug Hunters)@GoogleVRP·19 Mar

📢 Open source security researchers, take note: we've updated the OSS VRP rules! We're emphasizing the need for actionable reports and verifiable reproduction steps – to allow us to focus on critical threats with real-world impact. For more details 👇 bughunters.google.com/blog/ossvrp-ru…

English

7.8K

Google VRP (Google Bug Hunters)@GoogleVRP·13 Mar

GCP VRP Secrets? 🤫 Hear from the program leads! Michael Cote (linkedin.com/in/michaelpatr…) & Darby Hopkins (linkedin.com/in/darbyhopkins) join @ctbbpodcast to talk shop: killer report tips, program insights & boosting your bounty game on Google Cloud. 🎧 youtu.be/7u6xpVhEpBA #GoogleVRP #BugBounty #CloudSecurity #GCP

YouTube

English

8.8K

Google VRP (Google Bug Hunters)@GoogleVRP·12 Mar

Our Google Cloud VRP researchers don't miss! 🔥 Check out @terminatorLM's latest Looker research uncovering 9 novel cross-tenant vulns in Looker. See how it was done: 👇

Liv Matan@terminatorLM

🫣LeakyLooker: 1 Cross-tenant vulnerability? How about 9? (1/10)🧵 I’m incredibly proud to share LeakyLooker. I discovered 9 novel cross-tenant vulnerabilities in Google Cloud’s Looker Studio that broke fundamental design assumptions. Here is how I broke tenant isolation: 👇

English

8.4K

Google VRP (Google Bug Hunters)@GoogleVRP·11 Mar

📣📣📣 Hot off the press: 2025 highlights of Google's vulnerability reward programs! Notably, we awarded an all-time high of over $17 million in rewards 💰 and kicked off the dedicated AI VRP 🤖. Thank you to our incredible bug hunting community 🧑‍💻🧑‍💻🧑‍💻!!! bughunters.google.com/blog/google-vr…

English

16.1K

Google VRP (Google Bug Hunters)@GoogleVRP·10 Mar

📢 Interested in AI and agent security at Google🛡️? This post looks at how we mitigated the risk of URL-based data exfiltration through provenance checks and sanitization – effectively blocking a prompt injection-based exploitation vector. bughunters.google.com/blog/mitigatin…

English

108

19.6K

Google VRP (Google Bug Hunters)@GoogleVRP·9 Mar

Offline authentication on Android 🤖 🔒? Find out how the FIDO alliances's Hybrid transport architecture was expanded to support this crucial scenario, and how this increases reliability and unlocks many new use cases. bughunters.google.com/blog/hybrid-tr…

English

5.8K

Google VRP (Google Bug Hunters)@GoogleVRP·23 Şub

Next up in our series on Android and authentication 🤖 🔒: Learn how the FIDO Alliance's Hybrid protocol has been expanded beyond CTAP messages to also support generic JSON, and which new use cases this extended approach enables. bughunters.google.com/blog/hybrid-pr…

English

4.6K

Google VRP (Google Bug Hunters)@GoogleVRP·10 Şub

Curious how we go about security reviews at Google? In this case, we teamed up with Intel to take a closer look at Intel Trust Domain Extensions (TDX) 1.5 and help secure the confidential computing space! For the details, 👇 bughunters.google.com/blog/a-joint-s…

English

22.6K

Google VRP (Google Bug Hunters)@GoogleVRP·4 Şub

🔒 Want to move beyond passwords? Check out this beginner's guide to Cross-Device Passkeys! Learn how "Hybrid transport" uses QR codes and Bluetooth to let you sign in securely on any device – even public ones – without ever sharing your private keys. bughunters.google.com/blog/passkeys

English

6.5K

Google VRP (Google Bug Hunters)@GoogleVRP·3 Şub

Want to see what elite security research looks like? 🌟 @omer_asfu, one of Google Cloud VRP's best, dropped a cross-tenant finding: CVE-2025-13292 (nvd.nist.gov/vuln/detail/CV…)

OmerAF@omer_asfu

👼GatewayToHeaven (CVE-2025-13292). I discovered a cross-tenant vulnerability in @GoogleCloud's #Apigee, allowing me to access other organizations' data (and sometimes even plaintext JWTs of end users). Below is the full breakdown of the exploit chain⛓️

English

275

24K

Google VRP (Google Bug Hunters)@GoogleVRP·27 Oca

Interested in Android and authentication 🤖 🔒? Our latest post takes a look at how online authentication on Android evolved from simple passwords to more secure methods, and highlights the role of FIDO (Fast Identity Online) Alliance specifications. bughunters.google.com/blog/fido

English

Google VRP (Google Bug Hunters)@GoogleVRP·20 Oca

Want to see what top-notch security research looks like? Look no further than @j_domeracki's latest research, a standout contributor to the Google Cloud VRP! 🪲💪 jdsec.cloud/posts/2026-01-…

English

369

27.3K

Google VRP (Google Bug Hunters)@GoogleVRP·23 Ara

New to hacking? Curious how to break things? 🕵️‍♂️✨ Google CTF Beginner's Quest 2025 is LIVE! 🚀 Tackle challenges crafted to get you started. Sign up, join the fun, and secure your spot on the leaderboard! 🏆 👇 capturetheflag.withgoogle.com/beginners-quest

English

473

32.1K

Google VRP (Google Bug Hunters)@GoogleVRP·15 Ara

📢📢📢 Our Patch Rewards Program rules were updated to explicitly encourage batched submissions, and place every Google-filed OSS vulnerability explicitly into scope (thanks for your feedback). Interested in getting rewarded for your awesome OSS security work? g.co/prp

English

136

21.4K

Google VRP (Google Bug Hunters)@GoogleVRP·12 Ara

Interested in the security of AI Agents 💁🛡️? Then you've likely heard of "prompt injection", but do you know what "task injection" is? If you're curious, check out our latest post for a description and some real-world examples we discovered. bughunters.google.com/blog/482385717… bughunters.google.com/blog/482385717…

English

288

32.2K

Keşfet

@omer_asfu @ctbbpodcast @terminatorLM @j_domeracki @elonmusk @BarackObama @taylorswift13 @cristiano