Hacker News

thamzhack yesterday at 7:40 PM

I've reported bugs to Google VRP and got paid. The main problem with this report is that the victim has to click a suspicious link, which is similar to phishing through email. No bounty programs award bounty for phishing.

This is not to say this isn't a bug. The author has to find a way to escalate the impact. If they are able to achieve the same impact without user interaction, the impact will be high enough for bounty.


Replies

tasty_freeze yesterday at 10:57 PM

What suspicious link? The person is in their AI-powered page that Google provides with pre-cooked suggested prompts. If the user clicks one of those and triggers the security exploit, is that what you are calling suspicious? I don't.
