Google VRP (Google Bug Hunters)

343 posts

Google VRP (Google Bug Hunters)

@GoogleVRP

We ❤️ 🐜🐞🦗🦟🦋. {echo,{{{Google,Chrome,Android,Abuse,Mobile,OSS,Cloud}Vulnerability,Patch}Reward,VulnerabilityResearchGrants}Program}

Katılım Mart 2018

0 Takip Edilen41.9K Takipçiler

Google VRP (Google Bug Hunters)@GoogleVRP·6d

Check out Tomas' post and article on hacking Google using Git integrations. One of these reports even won him Most Valuable Hacker (MVH) at Google's bugSWAT event in Vegas last year!

nopnop@__nopnop

The written version of my BSides Riga and @bsidesvilnius talks is up: exploiting git integrations in cloud services, with four bugs I found in GCP (Looker, Dataform), including the one that won me MVH. nopnop.pro/2026/06/17/exp…

English

142

13K

Google VRP (Google Bug Hunters)@GoogleVRP·12 Haz

"brutecat is super talented", "luckily I'm not oncall ;)", "incredible" These are all real quotes from Googlers after seeing this blog post. Amazing work @brutecat, thank you for sharing!

skull@brutecat

Hacking Google with A.I. for $500,000 brutecat.com/r/hacking-goog…

English

564

35.3K

Google VRP (Google Bug Hunters)@GoogleVRP·8 Haz

📢 PSA for security researchers! In our latest post, we're taking a closer look at how Google Spark (which was recently launched) works, ways to approach bug hunting in Spark, and how to distinguish high-impact vulnerabilities from expected system behavior 👇 bughunters.google.com/blog/spark-rel…

English

107

9.2K

Google VRP (Google Bug Hunters)@GoogleVRP·4 Haz

📣Blast from the past📣 This post takes us back to a flaw discovered in 2010: while technology has advanced, the general story of how the flaw was detected is still a great example of effectively identifying and remediating a security issue. bughunters.google.com/blog/bit-rot-d…

English

3.2K

Google VRP (Google Bug Hunters)@GoogleVRP·2 Haz

📢 More on Google's approach to post-quantum cryptography 🔐 This time, we're taking a closer look at digital signatures and the complex challenges they present, and discussing the opinionated paths we are taking at Google in this space. bughunters.google.com/blog/next-with…

English

4.1K

Google VRP (Google Bug Hunters)@GoogleVRP·28 May

More on passkeys 🔐! This time we are focusing on storage options, in particular the differences between using a password manager vs. a hardware security key to store your credentials, and why you might choose one option over the other. bughunters.google.com/blog/hardware-…

English

2.4K

Google VRP (Google Bug Hunters)@GoogleVRP·11 May

In April 2026, we held the latest edition of bugSWAT (our live event for security researchers) in Seoul, South Korea. For more information on this edition's focus, its impact & winners, as well as bugSWAT in general, see 👇 bughunters.google.com/blog/bugswat-i…

English

7.4K

Google VRP (Google Bug Hunters)@GoogleVRP·30 Nis

📣📢 Calling all Android and Chrome bug hunters 🧑‍💻🔎! We're updating our Android & Chrome VRP programs to ensure we can continue to reward the most challenging and impactful vulnerabilities researchers find in our products. For details, 👇 bughunters.google.com/blog/evolving-…

English

207

144K

Google VRP (Google Bug Hunters)@GoogleVRP·28 Nis

Our Google Cloud VRP researchers don't want to miss this! 🔥 Check out Omer's (@omer_asfu) cross-tenant bucket squatting research.

OmerAF@omer_asfu

I achieved a cross-tenant #RCE in #GoogleCloud simply by abusing predictable bucket names. 🪣 In my latest research for @FocalSecurity, I look into "Bucket Squatting" - a cross-tenant attack that landed me 3 critical vulnerabilities in GCP. Here is how it works:

English

102

13.8K

Google VRP (Google Bug Hunters)@GoogleVRP·8 Nis

📢📢📢 Attention bug hunters! The Google VRP is updating its reward model, with a focus on the impact of vulnerabilities and the sensitivity of the data involved. To this end, we're introducing two dimensions: Information Tiers and Action Criticality. 👀👇 bughunters.google.com/blog/standardi…

English

242

20.8K

Google VRP (Google Bug Hunters)@GoogleVRP·31 Mar

Ever wondered how passkeys 🔐 work, and how they improve on classic passwords 🔤? For more details, see our latest post, and you'll also learn what makes passkeys particularly resistant against phishing 🐟. bughunters.google.com/blog/passkeys-…

English

11.2K

Google VRP (Google Bug Hunters)@GoogleVRP·19 Mar

📢 Open source security researchers, take note: we've updated the OSS VRP rules! We're emphasizing the need for actionable reports and verifiable reproduction steps – to allow us to focus on critical threats with real-world impact. For more details 👇 bughunters.google.com/blog/ossvrp-ru…

English

8.2K

Google VRP (Google Bug Hunters)@GoogleVRP·13 Mar

GCP VRP Secrets? 🤫 Hear from the program leads! Michael Cote (linkedin.com/in/michaelpatr…) & Darby Hopkins (linkedin.com/in/darbyhopkins) join @ctbbpodcast to talk shop: killer report tips, program insights & boosting your bounty game on Google Cloud. 🎧 youtu.be/7u6xpVhEpBA #GoogleVRP #BugBounty #CloudSecurity #GCP

YouTube

English

9.2K

Google VRP (Google Bug Hunters)@GoogleVRP·12 Mar

Our Google Cloud VRP researchers don't miss! 🔥 Check out @terminatorLM's latest Looker research uncovering 9 novel cross-tenant vulns in Looker. See how it was done: 👇

Liv Matan@terminatorLM

🫣LeakyLooker: 1 Cross-tenant vulnerability? How about 9? (1/10)🧵 I’m incredibly proud to share LeakyLooker. I discovered 9 novel cross-tenant vulnerabilities in Google Cloud’s Looker Studio that broke fundamental design assumptions. Here is how I broke tenant isolation: 👇

English

8.8K

Google VRP (Google Bug Hunters)@GoogleVRP·11 Mar

📣📣📣 Hot off the press: 2025 highlights of Google's vulnerability reward programs! Notably, we awarded an all-time high of over $17 million in rewards 💰 and kicked off the dedicated AI VRP 🤖. Thank you to our incredible bug hunting community 🧑‍💻🧑‍💻🧑‍💻!!! bughunters.google.com/blog/google-vr…

English

18.4K

Google VRP (Google Bug Hunters)@GoogleVRP·10 Mar

📢 Interested in AI and agent security at Google🛡️? This post looks at how we mitigated the risk of URL-based data exfiltration through provenance checks and sanitization – effectively blocking a prompt injection-based exploitation vector. bughunters.google.com/blog/mitigatin…

English

107

19.9K

Google VRP (Google Bug Hunters)@GoogleVRP·9 Mar

Offline authentication on Android 🤖 🔒? Find out how the FIDO alliances's Hybrid transport architecture was expanded to support this crucial scenario, and how this increases reliability and unlocks many new use cases. bughunters.google.com/blog/hybrid-tr…

English

5.9K

Google VRP (Google Bug Hunters)@GoogleVRP·23 Şub

Next up in our series on Android and authentication 🤖 🔒: Learn how the FIDO Alliance's Hybrid protocol has been expanded beyond CTAP messages to also support generic JSON, and which new use cases this extended approach enables. bughunters.google.com/blog/hybrid-pr…

English

4.7K

Google VRP (Google Bug Hunters)@GoogleVRP·10 Şub

Curious how we go about security reviews at Google? In this case, we teamed up with Intel to take a closer look at Intel Trust Domain Extensions (TDX) 1.5 and help secure the confidential computing space! For the details, 👇 bughunters.google.com/blog/a-joint-s…

English

22.7K

Keşfet

@brutecat @omer_asfu @ctbbpodcast @terminatorLM @elonmusk @BarackObama @taylorswift13 @cristiano