Mmm

@roddux both,This is an obvious vulnerability; Claude could easily find it.

@hackyzh So Claude found this bug? Or did you find it, and have Claude exploit it? :)

@0vercl0k Most are reported by Google

Another jam-packed Chrome security bulletin 🤖: chromereleases.googleblog.com/2026/05/stable…

@1ce0ear 👍👋

Thanks to everyone who came out - an unconventional GPU exploit where the hardware itself becomes the primitive, ultimately patching the AP kernel back.

@Khalil_Zhani Good news!

@hackyzh Yes

I'd like to ask everyone, after the Chrome VRP automatic update policy was implemented, are the bounties still being paid normally for vulnerabilities submitted before the new rules were introduced?🤣

@h3xr4bb1t Is it from Renderer RCE to Sandbox Escape? That price is way too low.

I have to say, you’d never expect a full browser exploit chain made up entirely of logic bugs. Of course it had to be Orange 🫡🍊

@cybaqkebm same as pj0.I don't know why Google defined it this way; perhaps they didn't consider the case of 0-click?

@hackyzh In which context? Google rates arbitrary code exec in media codecs as moderate severity, even Project Zero folks were surprised at some point. I stopped looking at 0-click. projectzero.google/2026/01/pixel-… #severity:~:text=Remote%20arbitrary%20code%20execution%20in%20a%20constrained%20context" target="_blank" rel="nofollow noopener">source.android.com/docs/security/…

Found 1 android 0-click memory corruption vuln.However, it seems that the upstream issue was resolved in March.🤡Fortunately, it was just a minor OOB read.#0click

@canyie2977 No

@hackyzh libjpeg?

@h3xr4bb1t They need to create momentum.

Honestly, with a little LLM help, I found variants, built a working PoC, and sent a polished patch to maintainer on the same day CopyFail dropped. So I’m curious why Xint didn’t find those variants before disclosure, assuming AI tools are used heavily in their workflow👀 Disclaimer: I’m an independent reporter and the patch author of the xfrm-ESP vulnerability, unrelated to the Dirty Frag post.

@calif_io These bounty are based old rules after new rules publish？

Google paid us $57,000 for two bugs in Chrome. We’re not doing this for the bounty, but it’s always fun to get rewarded. These bugs were found using nothing fancier than a $20/month AI subscription. If you’re curious, come check out our talk at the Real World AI Security Conference at Stanford: seclab.stanford.edu/RealWorldAIsec/ We haven’t published the Chrome bugs in our MAD Bugs series. They work better as part of something even more fun, stay tuned!

@sirdarckcat Nice,Eduardo :)

Just finished a really cool visit to Singapore! Where I met with a lot of the smartest folks here in the Vulnerability Research space. We are planning to build a new security hub in Singapore. And the first team we are building is going to be focused on.. 1/?🧵

😅Chrome VRP is dead

`The controlled read or controlled write poc must be included in your initial report - we will not consider submissions added at a later time.` That's ridiculous.

#Demonstrating-controlled-read-or-write" target="_blank" rel="nofollow noopener">chromium.googlesource.com/chromium/src/+… Demonstrating controlled read or write Mojom interfaces to demonstrate controlled reads or controlled writes in privileged processes are available in vrp_flags.mojom.

@eternalsakura13 Maybe,it’s too strict

@hackyzh It seems almost impossible to obtain sandbox escape bounties in the future.

@thedawgyg They are right.You cant use this flag when you report poc or exploit

8 weeks to be told a chrome exploit cant use the flag --single-process when launching chrome.... looks like moving on from google will be the right call

Exploring Android ROOT via CVE-2025–21479 @numencyberlabs/exploring-android-root-via-cve-2025-21479-eca9fb7ca6e9" target="_blank" rel="nofollow noopener">medium.com/@numencyberlab…

CVE-2026–5283: Uninitialized GPU Memory Disclosure via Partial Clear in ANGLE (Chrome WebGL) @numencyberlabs/cve-2026-5283-uninitialized-gpu-memory-disclosure-via-partial-clear-in-angle-chrome-webgl-3740ca481149" target="_blank" rel="nofollow noopener">medium.com/@numencyberlab…

@xaitax MSRC is like that; it can't compare to Google at all.

Almost two weeks after I asked for an update on my Windows Recall report, MSRC said their engineering team was in the “final stage of investigating.” A week later, they closed it as “not a vulnerability.” Based on that/their reasoning, they could have said that from day one. 🤷🏻‍♂️ Full write-up and release soon.