Luan Herrera
@lbherrera_
606 posts
Brazil · Joined February 2013
429 Following · 3.2K Followers

Pinned Tweet
Luan Herrera @lbherrera_
I began looking into browser security issues again in 2026 and while reviewing extension permission APIs, I noticed that the default declarativeNetRequest API (which only requires permission to block content on all pages) can be leveraged into a side-channel attack. This permission ends up allowing an extension to infer the full URL of open tabs without requesting the chrome.tabs permission, and it can also leak the full URL of cross-origin redirects. Unfortunately, fixing this issue has been deemed unrealistic by Chrome, and the risk has been accepted, so it is worth keeping this in mind when granting content-blocking permissions to browser extensions. The complete public report can be found at issues.chromium.org/issues/4792584….

Retweeted by Luan Herrera
caioluders @caioluders
New tool: PEGA-PEGA, a multi-protocol request logger and catcher. Listens on 14 protocols, logs every incoming request, and displays them in a web dashboard and terminal UI. github.com/caioluders/peg…

Retweeted by Luan Herrera
Rebane @rebane2001
I built an entire x86 CPU emulator in CSS (no JavaScript). You can write programs in C, compile them to x86 machine code with GCC, and run them inside CSS.

Retweeted by Luan Herrera
Hacktron AI @HacktronAI
🚨 CVE-2026-1731 🚨 Our team discovered a critical pre-auth RCE affecting BeyondTrust Remote Support & Privileged Remote Access. SaaS/Cloud instances have been patched. If you're running self-hosted deployments, apply the patches immediately. More info in the comments.

Retweeted by Luan Herrera
Security Bug Aggregator @BugsAggregator
[447172715][reward: $30000] Security: Compromised renderer can control mouse after single tap (UXSS, sandbox escape, and more) crbug.com/447172715

Renwa @RenwaX23
@lbherrera_ Uh oh! This issue is still open and hasn't been updated in the last 1720 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

Luan Herrera @lbherrera_
Back on the Chrome VRP! 😁

Retweeted by Luan Herrera
Youssef Sammouda (sam0) @samm0uda
$312,500 worth of stored/reflected XSS vulnerabilities in Meta’s Conversions API Gateway allowed JavaScript code to run on any Facebook domain and millions of third-party websites. The flaw enabled zero-click Facebook account takeover and more: ysamm.com/uncategorized/…

Retweeted by Luan Herrera
GMO Flatt Security Inc. @flatt_sec_en
We've published a new blog post by RyotaK @ryotkak. He discovered 8 methods to bypass safety mechanisms in Claude Code, leading to arbitrary command execution. We recommend updating to v1.0.93 or later to fix this vulnerability (CVE-2025-66032). flatt.tech/research/posts…

Retweeted by Luan Herrera
Ark @arkark_
Cross-Site ETag Length Leak blog.arkark.dev/2025/12/26/eta… I just posted the author writeup for impossible-leak in SECCON CTF 14 Quals. As far as I know, this is a new XS-Leak technique! The ETag header can become a side channel :)

Luan Herrera @lbherrera_
Could prediction markets like Polymarket/Kalshi be used to incentivize responsible disclosure of 0days? For example: "Will a critical Apache RCE be responsibly reported and patched in 2026?"

Retweeted by Luan Herrera
s1r1us (mohan) @S1r1u5_
Part 3 of our Hacking AI Apps series. This time we hacked OpenAI Atlas Browser: A vulnerability that let us control tabs, leak browsing activity, and hijack your Reddit/Facebook accounts by stealing OAuth tokens. hacktron.ai/blog/hacking-o… Stay tuned for Part 4: Antigravity!

Retweeted by Luan Herrera
s1r1us (mohan) @S1r1u5_
We helped secure @perplexity_ai's Comet browser from a critical vulnerability that could let attackers hijack the agent to exfiltrate local files, read emails, and bypass SOP. Read the full blog: hacktron.ai/blog/perplexit…

Retweeted by Luan Herrera
s1r1us (mohan) @S1r1u5_
A case study of AI-accelerated hacking: How we at @HacktronAI hacked our way into Lovable's office, cut attack time from weeks to days, and helped secure Supabase from one of the most complex vulnerability chains we’ve ever worked through.

Retweeted by Luan Herrera
terjanq @terjanq
We published a blog post about SafeContentFrame, a library for rendering untrusted content inside an iframe. The library is a big part of what I've been up to in the last few years! Check out the blog and take a slice of my birthday cake 🎂! bughunters.google.com/blog/671552987…

Luan Herrera @lbherrera_
@shhnjk The only possible pathways I found were to use a renderer RCE to read local files. Or to exploit a web application that allows you to control the file type of downloaded files, so you could download them as .CSS or .HTML and later render and leak them.

Luan Herrera @lbherrera_
@shhnjk Recently I researched this quite a bit since I have a way to open local files in Chrome without UI and wanted to escalate it further, but didn't manage to do so.

Jun Kokatsu @shhnjk
Found XSS on file: URL (in ChatGPT Agent mode). github.com/google/securit… But it seems file: URL finally has strict (document-based) SOP in Chromium: 1. Can't load other files as CSS unless the file has a ".css" extension. 2. fetch and XHR don't work on file: URL. 3. Access to other files via iframes doesn't work. What did I miss? Can we still access other file contents with XSS on file: URL?

Retweeted by Luan Herrera
Ark @arkark_
Forcing Quirks Mode with PHP Warnings + CSS Exfiltration without Network Requests blog.arkark.dev/2025/09/08/asi… Published author writeup for pure-leak in ASIS CTF Quals 2025!