https://github.com/xdavidhu/awesome-google-vrp-writeups

# Awesome Google VRP Writeups
🐛 A list of writeups from the Google VRP Bug Bounty program

*\*writeups: **not just** writeups*

**Follow [@gvrp_writeups](https://twitter.com/gvrp_writeups) on Twitter to get new writeups straight into your feed!**

## Contributing:

If you know of any writeups/videos not listed in this repository, feel free to open a Pull Request.

To add a new writeup, simply add a new line to `writeups.csv`:
```
[YYYY-MM-DD],[bounty],[title],[url],[author-name],[author-url],[type],false,?
```
*If a value is not available, write `?`.*

*The value of `type` can either be `blog` or `video`.*

*If any of the fields include a `,`, please wrap the value in quotes.*

*Please keep the last two fields set to `false` and `?`. The automation will modify these fields.*

*If available, set `author-url` to the author's Twitter URL, so the automation can @mention the author.*

## Writeups:

### 2024:

- **[Nov 11 - $???]** [Release-Drafter To google/accompanist Compromise: VRP Writeup](https://adnanthekhan.com/2024/11/11/release-drafter-to-google-accompanist-compromise-vrp-writeup/)[*](https://web.archive.org/web/20241113142116/https://adnanthekhan.com/2024/11/11/release-drafter-to-google-accompanist-compromise-vrp-writeup/) by [Adnan Khan](https://twitter.com/adnanthekhan)
- **[Sep 25 - $4,837]** [XS-Search on Google Photos](https://ndevtk.github.io/writeups/2024/09/25/photos/)[*](https://web.archive.org/web/20241113055313/https://ndevtk.github.io/writeups/2024/09/25/photos/) by [NDevTK](https://x.com/ndevtk)
- **[Sep 19 - $3,133.7]** [Office Editing for Docs Sheets & Slides leak](https://ndevtk.github.io/writeups/2024/09/19/drive/)[*](https://web.archive.org/web/20241113142015/https://ndevtk.github.io/writeups/2024/09/19/drive/) by [NDevTK](https://x.com/ndevtk)
- **[Sep 19 - $4,133.7]** [Using YouTube to steal your files](https://lyra.horse/blog/2024/09/using-youtube-to-steal-your-files/)[*](https://web.archive.org/web/20241113142042/https://lyra.horse/blog/2024/09/using-youtube-to-steal-your-files/) by [Lyra Rebane](https://twitter.com/rebane2001)
- **[Aug 26 - $500]** [[$500] How I was able to give verification badge to any YouTube channel and bypass needed requirements](https://vojtechcekal.medium.com/how-i-was-able-to-give-verification-badge-to-any-youtube-channel-and-bypass-needed-requirements-b88855afe4b7)[*](https://web.archive.org/web/20241113141953/https://vojtechcekal.medium.com/how-i-was-able-to-give-verification-badge-to-any-youtube-channel-and-bypass-needed-requirements-b88855afe4b7) by [Vojtech Cekal](https://vojtechcekal.medium.com/)
- **[Aug 24 - $1,337]** [Exploiting Sandbox Escape Vulnerability in Apigee PythonScript Policy](https://codesent.io/r/N6Q)[*](https://web.archive.org/web/20241113043639/https://codesent.io/blog/code-sentinels-1/breaking-the-sandbox-2?utm_campaign=apigee_series&utm_source=Github&utm_medium=awesome-google-vrp-writeups) by [Nikita Markevich](https://www.linkedin.com/in/nikita-markevich-45a56a13a/)
- **[Aug 16 - $1,337]** [Kicking Off the Apigee Security Series: Discovering Rhino’s Blind Spot](https://codesent.io/r/XvI)[*](https://web.archive.org/web/20241113043610/https://codesent.io/blog/code-sentinels-1/discovering-rhinos-blind-spot-1?utm_campaign=apigee_series&utm_source=Github&utm_medium=awesome-google-vrp-writeups) by [Nikita Markevich](https://www.linkedin.com/in/nikita-markevich-45a56a13a/)
- **[Aug 13 - $???]** [ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts](https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/)[*](#) by [Yaron Avital](https://twitter.com/yaronavital)
- **[Aug 04 - $???]** [How I Got Critical P2 Bug on Google](https://medium.com/@rhashibur75/how-i-got-critical-p2-bug-on-google-vrp-165017145af8)[*](https://web.archive.org/web/20241113141721/https://medium.com/@rhashibur75/how-i-got-critical-p2-bug-on-google-vrp-165017145af8) by [Kazi Hashibur Rahman](https://medium.com/@rhashibur75)
- **[Aug 02 - $1,000]** [Chromium infra leak](https://ndevtk.github.io/writeups/2024/08/02/chromiuminfra/)[*](https://web.archive.org/web/20241113141604/https://ndevtk.github.io/writeups/2024/08/02/chromiuminfra/) by [NDevTK](https://x.com/ndevtk)
- **[Aug 02 - $???]** [Supply Chain Attack on Chromium-BiDi and Puppeteer via GitHub Cache Poisoning](https://issues.chromium.org/issues/356905939)[*](https://web.archive.org/web/20241113141703/https://issues.chromium.org/issues/356905939) by [inspector-ambitious](https://twitter.com/inspector_amb)
- **[Aug 01 - $3,133.7]** [idx.google.com XSS](https://ndevtk.github.io/writeups/2024/08/01/projectidx/)[*](https://web.archive.org/web/20241113043233/https://ndevtk.github.io/writeups/2024/08/01/projectidx/) by [NDevTK](https://x.com/ndevtk)
- **[Aug 01 - $14,008.7]** [Android web attack surface](https://ndevtk.github.io/writeups/2024/08/01/awas/)[*](https://web.archive.org/web/20241113043343/https://ndevtk.github.io/writeups/2024/08/01/awas/) by [NDevTK](https://x.com/ndevtk)
- **[Jul 31 - $???]** [Escalating Privileges in Google Cloud via Open Groups](https://www.netspi.com/blog/technical-blog/cloud-pentesting/escalating-privileges-in-google-cloud-via-open-groups/)[*](https://web.archive.org/web/20241113141534/https://www.netspi.com/blog/technical-blog/cloud-pentesting/escalating-privileges-in-google-cloud-via-open-groups/) by [Thomas Elling](https://www.linkedin.com/in/thomaselling1/)
- **[Jul 26 - $???]** [Leaking All Users Google Drive Files](https://secreltyhiddenwriteups.blogspot.com/2024/07/leaking-all-users-google-drive-files.html)[*](https://web.archive.org/web/20241113043208/https://secreltyhiddenwriteups.blogspot.com/2024/07/leaking-all-users-google-drive-files.html) by [Cameron Vincent](https://twitter.com/secretlyhidden1)
- **[Jul 24 - $???]** [ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions](https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions)[*](https://web.archive.org/web/20241113141503/https://www.tenable.com/blog/confusedfunction-a-privilege-escalation-vulnerability-impacting-gcp-cloud-functions) by [Liv Matan](https://twitter.com/terminatorLM)
- **[Apr 15 - $7,500]** [An Obscure Actions Workflow Vulnerability in Google’s Flank](https://adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank/)[*](https://web.archive.org/web/20241113043141/https://adnanthekhan.com/2024/04/15/an-obscure-actions-workflow-vulnerability-in-googles-flank/) by [Adnan Khan](https://twitter.com/adnanthekhan)
- **[Mar 23 - $4,133.7]** [Hacking the Giant: How I Discovered Google’s Vulnerability and Hall of Fame Recognition](https://medium.com/@hncaga/hacking-the-giant-how-i-discovered-googles-vulnerability-and-hall-of-fame-recognition-694a9c18684a)[*](https://web.archive.org/web/20240730095144/https://infosecwriteups.com/hacking-the-giant-how-i-discovered-googles-vulnerability-and-hall-of-fame-recognition-694a9c18684a?gi=b18ac2f90bb3) by [Henry N. Caga](https://twitter.com/hncaga)
- **[Mar 04 - $50,000]** [We Hacked Google A.I. for $50,000](https://www.landh.tech/blog/20240304-google-hack-50000/)[*](https://web.archive.org/web/20240730095124/https://www.landh.tech/blog/20240304-google-hack-50000/) by [Lupin](https://twitter.com/0xLupin)

### 2023:

- **[Nov 14 - $10,000]** [Uncovering a crazy privilege escalation from Chrome extensions](https://0x44.xyz/blog/cve-2023-4369/)[*](https://web.archive.org/web/20231114231353/https://0x44.xyz/blog/cve-2023-4369/) by [Derin Eryilmaz](https://twitter.com/deryilz)
- **[Nov 14 - $???]** [Google VRP -[IDOR] Deleted Victim Data & Leaked](https://medium.com/@ggilang1135/google-vrp-idor-deleted-victim-data-leaked-0b3cba8e3f7a)[*](https://web.archive.org/web/20231115042639/https://medium.com/@ggilang1135/google-vrp-idor-deleted-victim-data-leaked-0b3cba8e3f7a) by [Gilang Romadon](https://medium.com/@ggilang1135)
- **[Nov 02 - $???]** [ApatchMe - Authenticated Stored XSS Vulnerability in AWS and GCP Apache Airflow Services](https://www.tenable.com/blog/apatchme-authenticated-stored-xss-vulnerability-in-aws-and-gcp-apache-airflow-services)[*](https://web.archive.org/web/20231103110025/https://www.tenable.com/blog/apatchme-authenticated-stored-xss-vulnerability-in-aws-and-gcp-apache-airflow-services) by [Tenable](https://twitter.com/tenablesecurity)
- **[Oct 19 - $???]** [Google Cloud Vertex AI - Data Exfiltration Vulnerability Fixed in Generative AI Studio](https://embracethered.com/blog/posts/2023/google-gcp-generative-ai-studio-data-exfiltration-fixed/)[*](https://web.archive.org/web/20231104051811/https://embracethered.com/blog/posts/2023/google-gcp-generative-ai-studio-data-exfiltration-fixed/) by [Johann Rehberger](https://twitter.com/wunderwuzzi23)
- **[Sep 18 - $???]** [How i found an Stored XSS on Google Books](https://medium.com/@cavdarbashas/how-i-found-an-stored-xss-on-google-books-732d9eb64e36)[*](https://web.archive.org/web/20231020133727/https://medium.com/@cavdarbashas/how-i-found-an-stored-xss-on-google-books-732d9eb64e36) by [Sokol Çavdarbasha](https://twitter.com/sokolicav)
- **[Sep 11 - $???]** [GCP CloudSQL Vulnerability Leads to Internal Container Access and Data Exposure](https://www.dig.security/post/gcp-cloudsql-vulnerability-leads-to-internal-container-access-and-data-exposure)[*](https://web.archive.org/web/20231022075518/https://www.dig.security/post/gcp-cloudsql-vulnerability-leads-to-internal-container-access-and-data-exposure) by [Ofir Balassiano](https://twitter.com/ofir_balassiano)
- **[Aug 18 - $18,833.7]** [Google Extensions](https://ndevtk.github.io/writeups/2023/08/18/extensions/)[*](https://web.archive.org/web/20231008030139/https://ndevtk.github.io/writeups/2023/08/18/extensions/) by [NDevTK](https://twitter.com/ndevtk)
- **[Jul 22 - $???]** [Hijacking Cloud CI/CD Systems for Fun and Profit](https://divyanshu-mehta.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit)[*](https://web.archive.org/web/20231022075452/https://divyanshu-mehta.gitbook.io/researchs/hijacking-cloud-ci-cd-systems-for-fun-and-profit) by [Divyanshu](https://twitter.com/gh0st_R1d3r_0x9)
- **[Jul 07 - $0]** [A Journey Into Hacking Google Search Appliance](https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/)[*](https://web.archive.org/web/20231022065848/https://devco.re/blog/2023/07/07/a-journey-into-hacking-google-search-appliance-en/) by [DEVCORE](https://twitter.com/d3vc0r3)
- **[Jul 03 - $500]** [Hunting for Nginx Alias Traversals in the wild](https://labs.hakaioffsec.com/nginx-alias-traversal/)[*](https://web.archive.org/web/20231022065829/https://labs.hakaioffsec.com/nginx-alias-traversal/) by [Hakai Offensive Security](https://www.hakaioffensivesecurity.com/)
- **[Jun 30 - $???]** [Server-side Template Injection Leading to RCE on Google VRP](https://neupanemizzle.medium.com/server-side-template-injection-leading-to-rce-on-google-vrp-75f0a4bc6ebc)[*](https://web.archive.org/web/20231022075430/https://neupanemizzle.medium.com/server-side-template-injection-leading-to-rce-on-google-vrp-75f0a4bc6ebc) by [mizzleneupane](https://twitter.com/mizzle_neupane5)
- **[Jun 23 - $1,337]** [Insecure sandbox on Colaboratory](https://ndevtk.github.io/writeups/2023/06/23/outputframes/)[*](https://web.archive.org/web/20241113043030/https://ndevtk.github.io/writeups/2023/06/23/outputframes/) by [NDevTK](https://x.com/ndevtk)
- **[Jun 21 - $4,133.7]** [Unveiling a Critical Authentication Bypass Vulnerability in Google Cloud API Gateway](https://securingbits.com/bypassing-google-cloud-api-gateway)[*](https://web.archive.org/web/20231124094810/https://securingbits.com/bypassing-google-cloud-api-gateway) by [Securing Bits](https://twitter.com/securing_bits)
- **[Jun 11 - $7,500]** [googlesource.com access_token leak](https://ndevtk.github.io/writeups/2023/06/11/googlesource/)[*](https://web.archive.org/web/20231022075417/https://ndevtk.github.io/writeups/2023/06/11/googlesource/) by [NDevTK](https://twitter.com/ndevtk)
- **[Jun 09 - $6,000]** [XSS in GMAIL Dynamic Email (AMP for Email)](https://asdqw3.medium.com/xss-in-gmail-dynamic-email-amp-for-email-3872d6052a0d)[*](https://web.archive.org/web/20231020131516/https://asdqw3.medium.com/xss-in-gmail-dynamic-email-amp-for-email-3872d6052a0d) by [asdqw3](https://twitter.com/agamimaulana)
- **[Apr 20 - $???]** [GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts](https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/)[*](https://web.archive.org/web/20231022143827/https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/) by [Astrix Security](https://twitter.com/AstrixSecurity)
- **[Apr 18 - $???]** [How Material Security Uncovered a Vulnerability in the Gmail API](https://material.security/blog/how-material-security-uncovered-a-vulnerability-in-gmail-api)[*](https://web.archive.org/web/20231022075350/https://material.security/blog/how-material-security-uncovered-a-vulnerability-in-gmail-api) by [Material Security](https://twitter.com/material_sec)
- **[Apr 13 - $500]** [Remote Code Execution Vulnerability in Google They Are Not Willing To Fix](https://giraffesecurity.dev/posts/google-remote-code-execution/)[*](https://web.archive.org/web/20230728103039/https://giraffesecurity.dev/posts/google-remote-code-execution/) by [Giraffe Security](https://giraffesecurity.dev/)
- **[Mar 31 - $0]** [Unveiling the Secrets: My Journey of Hacking Google’s OSS](https://infosecwriteups.com/unveiling-the-secrets-my-journey-of-hacking-googles-oss-cdd9ef3c7aa)[*](https://web.archive.org/web/20230331125459/https://infosecwriteups.com/unveiling-the-secrets-my-journey-of-hacking-googles-oss-cdd9ef3c7aa?gi=7f01bb3a5730) by [7h3h4ckv157](https://twitter.com/7h3h4ckv157)
- **[Mar 28 - $???]** [The curl quirk that exposed Burp Suite & Google Chrome](https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome)[*](https://web.archive.org/web/20230615155314/https://portswigger.net/research/the-curl-quirk-that-exposed-burp-suite-amp-google-chrome) by [Paul Mutton](https://twitter.com/paulmutton)
- **[Mar 18 - $???]** [Exploiting aCropalypse: Recovering Truncated PNGs](https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html)[*](https://web.archive.org/web/20230727225338/https://www.da.vidbuchanan.co.uk/blog/exploiting-acropalypse.html) by [David Buchanan](https://twitter.com/David3141593)
- **[Mar 13 - $5,000]** [The Time I Hacked Google’s Manual Actions Database](https://www.tomanthony.co.uk/blog/googles-manual-actions-hack/)[*](https://web.archive.org/web/20230511184950/https://www.tomanthony.co.uk/blog/googles-manual-actions-hack/) by [Tom Anthony](https://twitter.com/TomAnthonySEO)
- **[Mar 11 - $1,837]** [CCAI XSS](https://ndevtk.github.io/writeups/2023/03/11/ccai/)[*](#) by [NDevTK](https://x.com/ndevtk)
- **[Feb 10 - $500]** [Information disclosure or GDPR breach? A Google tale…](https://medium.com/@lukeberner/information-disclosure-or-gdpr-breach-a-google-tale-f9e99fd5d648)[*](https://web.archive.org/web/20230226134624/https://medium.com/@lukeberner/information-disclosure-to-gdpr-breach-a-google-tale-f9e99fd5d648) by [Luke Berner](https://www.linkedin.com/in/lucas-berner-89865339/)
- **[Feb 09 - $???]** [Broken Access Control can create Asset library whereas role access is billing + IDOR | Google Ads](https://medium.com/@ggilang1135/broken-access-control-can-create-asset-library-whereas-role-access-is-billing-idor-b1b632f2c281)[*](https://web.archive.org/web/20231115042624/https://medium.com/@ggilang1135/broken-access-control-can-create-asset-library-whereas-role-access-is-billing-idor-b1b632f2c281) by [Gilang Romadon](https://medium.com/@ggilang1135)
- **[Feb 07 - $0]** [Google Meet Flaw — Join Any Organisation Call (Not an 0day but still acts as 0day) — Refused by GoogleVRP](https://basu-banakar.medium.com/google-meet-flaw-join-any-organisation-call-not-an-0day-but-still-acts-as-0day-refused-by-4d65730df403)[*](https://web.archive.org/web/20231008030116/https://basu-banakar.medium.com/google-meet-flaw-join-any-organisation-call-not-an-0day-but-still-acts-as-0day-refused-by-4d65730df403) by [Basavaraj Banakar](https://twitter.com/basu_banakar)
- **[Feb 05 - $???]** [I was able to see likes count even though it was hidden by the victim | YouTube App 16.15.35](https://web.archive.org/web/20230306174012/https://bloggerrando.blogspot.com/2023/02/06-2.html)[*](#) by [R ando](https://twitter.com/Rando02355205)
- **[Jan 22 - $???]** [How i was able to get critical bug on google by get full access on [Google Cloud BI Hackathon]](https://orwaatyat.medium.com/how-i-was-able-to-get-critical-bug-on-google-by-get-full-access-on-google-cloud-bi-hackathon-f779fce29900)[*](https://web.archive.org/web/20231022091621/https://orwaatyat.medium.com/how-i-was-able-to-get-critical-bug-on-google-by-get-full-access-on-google-cloud-bi-hackathon-f779fce29900) by [Orwa Atyat](https://twitter.com/GodfatherOrwa)
- **[Jan 15 - $3,133.7]** [XSS using postMessage in Google Cloud Theia notebooks [Google VRP]](https://blog.geekycat.in/xss-using-postmessage-in-google-cloud-theia-notebooks/)[*](https://web.archive.org/web/20231022091605/https://blog.geekycat.in/xss-using-postmessage-in-google-cloud-theia-notebooks/) by [Sreeram KL](https://twitter.com/kl_sree)
- **[Jan 13 - $3,133.7]** [Bypassing authorization in Google Cloud Workstations [Google VRP]](https://blog.stazot.com/ssh-key-injection-google-cloud/)[*](https://web.archive.org/web/20231006115738/https://blog.stazot.com/ssh-key-injection-google-cloud/) by [Sivanesh Ashok](https://twitter.com/sivaneshashok)
- **[Jan 12 - $6,000]** [SSH key injection in Google Cloud Compute Engine [Google VRP]](https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/)[*](https://web.archive.org/web/20230705030603/https://blog.stazot.com/auth-bypass-in-google-cloud-workstations/) by [Sivanesh Ashok](https://twitter.com/sivaneshashok)
- **[Jan 12 - $3,133.7]** [Client-Side SSRF to Google Cloud Project Takeover [Google VRP]](https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/)[*](https://web.archive.org/web/20231006115611/https://blog.geekycat.in/client-side-ssrf-to-google-cloud-project-takeover/) by [Sreeram KL](https://twitter.com/kl_sree)
- **[Jan 06 - $2,337]** [Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability](https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed)[*](https://web.archive.org/web/20240107141036/https://medium.com/@LogicalHunter/identity-aware-proxy-misconfiguration-google-cloud-vulnerability-813d2a07a4ed) by [Borna Nematzadeh](https://twitter.com/LogicalHunter)

### 2022:

- **[Dec 26 - $107,500]** [Turning Google smart speakers into wiretaps for $100k](https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html)[*](https://web.archive.org/web/20230226143328/https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html) by [Matt Kunze](https://downrightnifty.me/)
- **[Dec 26 - $20,000]** [Few bugs in the google cloud shell](https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html)[*](https://web.archive.org/web/20231022065810/https://obmiblog.blogspot.com/2022/12/gcp-2022-few-bugs-in-google-cloud-shell.html) by [Obmi](https://bughunters.google.com/profile/40997bbc-945a-4eca-8408-eed302641c96)
- **[Nov 30 - $1,337]** [The space creators can still see the members of the space, even after they have been removed from the space.](https://web.archive.org/web/20221201043429/https://hopesamples.blogspot.com/2022/11/the-space-creators-can-still-see.html)[*](#) by [Vivek M](#)
- **[Nov 10 - $70,000]** [Accidental $70k Google Pixel Lock Screen Bypass](https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/)[*](https://web.archive.org/web/20221128160740/https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/) by [David Schütz](https://twitter.com/xdavidhu)
- **[Sep 22 - $0]** [Exploiting Distroless Images](https://www.form3.tech/blog/engineering/exploiting-distroless-images)[*](https://web.archive.org/web/20231022142438/https://www.form3.tech/blog/engineering/exploiting-distroless-images) by [Daniel Teixeira](https://twitter.com/TheRedOperator)
- **[Sep 16 - $???]** [Cloning internal Google repos for fun and… info?](https://medium.com/@lukeberner/cloning-internal-google-repos-for-fun-and-info-bf2c83d0ae00)[*](https://web.archive.org/web/20221007012855/https://medium.com/@lukeberner/cloning-internal-google-repos-for-fun-and-info-bf2c83d0ae00) by [Luke Berner](https://www.linkedin.com/in/lucas-berner-89865339/)
- **[Sep 06 - $3,133.7]** [IDOR leads to removing members from any Google Chat Space.](https://web.archive.org/web/20220906173240/https://hopesamples.blogspot.com/2022/09/idor-leads-to-removing-members-from-any.html)[*](#) by [Vivek M](#)
- **[Jul 26 - $8,133.7]** [Google Play and DevSite XSS](https://ndevtk.github.io/writeups/2022/07/26/google-xss/)[*](https://web.archive.org/web/20241113042147/https://ndevtk.github.io/writeups/2022/07/26/google-xss/) by [NDevTK](https://x.com/ndevtk)
- **[Jun 09 - $???]** [How to download eBooks from Google Play Store without paying for them](https://webs3c.com/t/how-to-download-ebooks-from-google-play-store-without-paying-for-them/79)[*](https://web.archive.org/web/20220625160226/https://webs3c.com/t/how-to-download-ebooks-from-google-play-store-without-paying-for-them/79) by [Yess](https://twitter.com/Yess_2021xD)
- **[Apr 23 - $1,337]** [Launching a Supply Chain Counterattack Against Google and OpenSSF](https://codemuch.tech/2022/04/23/supply-chain-counterattack/)[*](https://web.archive.org/web/20220511152343/https://codemuch.tech/2022/04/23/supply-chain-counterattack/) by [Alan Cao](https://twitter.com/AlanCao5)
- **[Mar 25 - $0]** [Clipboard hazard with Google Sheets](https://irsl.medium.com/clipboard-hazard-with-google-sheets-1c1f3d566907)[*](https://web.archive.org/web/20220511152331/https://irsl.medium.com/clipboard-hazard-with-google-sheets-1c1f3d566907) by [Imre Rad](https://www.linkedin.com/in/imre-rad-2358749b/)
- **[Mar 19 - $10,000]** [System environment variables leak on Google Chrome - Microsoft Edge and Opera](https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera)[*](https://web.archive.org/web/20220906194554/https://github.com/Puliczek/CVE-2022-0337-PoC-Google-Chrome-Microsoft-Edge-Opera) by [Maciej Pulikowski](https://twitter.com/pulik_io)
- **[Mar 08 - $???]** [Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities](https://unit42.paloaltonetworks.com/gke-autopilot-vulnerabilities/)[*](https://web.archive.org/web/20220319113511/https://unit42.paloaltonetworks.com/gke-autopilot-vulnerabilities/) by [Unit 42](https://twitter.com/Unit42_Intel)
- **[Feb 20 - $3,133.7]** [Send a Email and get kicked out of Google Groups - A Feature that almost broke Google Groups](https://sriram-offcl.medium.com/send-a-email-to-me-and-get-kicked-out-of-google-groups-29b5c2c60e95)[*](https://web.archive.org/web/20220319112448/https://infosecwriteups.com/send-a-email-to-me-and-get-kicked-out-of-google-groups-29b5c2c60e95?gi=2f818fa58c71) by [Sriram](https://twitter.com/sriramoffcl)
- **[Feb 06 - $2,674]** [Auth Bypass in Google Assistant](https://feed.bugs.xdavidhu.me/bugs/0012)[*](https://web.archive.org/web/20220212220602/https://feed.bugs.xdavidhu.me/bugs/0012) by [David Schütz](https://twitter.com/xdavidhu)
- **[Feb 06 - $1,337]** [Auth Bypass in com.google.android.googlequicksearchbox](https://feed.bugs.xdavidhu.me/bugs/0013)[*](https://web.archive.org/web/20220212220701/https://feed.bugs.xdavidhu.me/bugs/0013) by [David Schütz](https://twitter.com/xdavidhu)
- **[Feb 02 - $???]** [How I Was Able To Track You Around The Globe!](https://bugs.0xdroopy.live/bugs/how-i-tracked-you-around-the-globe/)[*](https://web.archive.org/web/20220319112328/https://bugs.0xdroopy.live/bugs/how-i-tracked-you-around-the-globe/) by [Nikhil Kaushik](https://twitter.com/NikhilK50866227)

### 2021:

- **[Dec 30 - $5,000]** [Email storage leaking ticket-attachment](https://ndevtk.github.io/writeups/2021/12/30/ticket-attachments/)[*](https://web.archive.org/web/20241113041822/https://ndevtk.github.io/writeups/2021/12/30/ticket-attachments/) by [NDevTK](https://x.com/ndevtk)
- **[Dec 28 - $3,133.7]** [RCE in Google Cloud Dataflow](https://mbrancato.github.io/2021/12/28/rce-dataflow.html)[*](https://web.archive.org/web/20220108195326/https://mbrancato.github.io/2021/12/28/rce-dataflow.html) by [Mike Brancato](https://www.linkedin.com/in/mikebrancato/)
- **[Dec 25 - $???]** [How I Saved Christmas For Google!](https://bugs.0xdroopy.live/bugs/how-i-saved-the-christmas-for-google/)[*](https://web.archive.org/web/20220319112033/https://bugs.0xdroopy.live/bugs/how-i-saved-the-christmas-for-google/) by [Nikhil Kaushik](https://twitter.com/NikhilK50866227)
- **[Dec 21 - $5,000]** [Google Cloud Shell XSS](https://ndevtk.github.io/writeups/2021/12/30/cloud-shell-xss/)[*](https://web.archive.org/web/20231008030152/https://ndevtk.github.io/writeups/2021/12/30/cloud-shell-xss/) by [NDevTK](https://twitter.com/ndevtk)
- **[Dec 05 - $6,267.4]** [SSRF vulnerability in AppSheet - Google VRP](https://nechudav.blogspot.com/2021/12/ssrf-vulnerability-in-appsheet-google.html)[*](https://web.archive.org/web/20211205190618/https://nechudav.blogspot.com/2021/12/ssrf-vulnerability-in-appsheet-google.html) by [David Nechuta](https://twitter.com/david_nechuta)
- **[Nov 21 - $???]** [Becoming A Super Admin In Someone Elses Gsuite Organization And Taking It Over](https://secreltyhiddenwriteups.blogspot.com/2021/11/becoming-super-admin-in-someone-elses.html)[*](https://web.archive.org/web/20240730094947/https://secreltyhiddenwriteups.blogspot.com/2021/11/becoming-super-admin-in-someone-elses.html) by [Cameron Vincent](https://twitter.com/secretlyhidden1)
- **[Nov 17 - $10,401.1]** [Reacting to myself finding an SSRF vulnerability in Google Cloud](https://www.youtube.com/watch?v=UyemBjyQ4qA)[*](#) by [David Schütz](https://twitter.com/xdavidhu)
- **[Nov 11 - $1,337]** [GOOGLE VRP BUG BOUNTY: /etc/environment local variables exfiltrated on Linux Google Earth Pro desktop app](https://omespino.com/write-up-google-vrp-bug-bounty-etc-environment-local-variables-exfiltrated-on-linux-google-earth-pro-desktop-app-1337-usd/)[*](https://web.archive.org/web/20211205222340/https://omespino.com/write-up-google-vrp-bug-bounty-etc-environment-local-variables-exfiltrated-on-linux-google-earth-pro-desktop-app-1337-usd/) by [Omar Espino](https://twitter.com/omespino)
- **[Oct 24 - $7,500]** [A 7500$ Google sites IDOR](https://r0ckinxj3.wordpress.com/2021/10/24/a-7500-google-sites-idor/)[*](https://web.archive.org/web/20220212215914/https://r0ckinxj3.wordpress.com/2021/10/24/a-7500-google-sites-idor/) by [r0ckin](https://twitter.com/r0ckin_)
- **[Oct 18 - $???]** [The Speckle Umbrella story — part 2](https://irsl.medium.com/the-speckle-umbrella-story-part-2-fcc0193614ea)[*](https://web.archive.org/web/20211106111937/https://irsl.medium.com/the-speckle-umbrella-story-part-2-fcc0193614ea) by [Imre Rad](https://www.linkedin.com/in/imre-rad-2358749b/)
- **[Oct 14 - $0]** [GOOGLE VRP N/A: Arbitrary local file read (macOS) via <a> tag and null byte (%00) in Google Earth Pro Desktop app](https://omespino.com/write-up-google-vrp-n-a-arbitrary-local-file-read-macos-via-a-tag-and-null-byte-in-google-earth-pro-desktop-app/)[*](https://web.archive.org/web/20211106111614/https://omespino.com/write-up-google-vrp-n-a-arbitrary-local-file-read-macos-via-a-tag-and-null-byte-in-google-earth-pro-desktop-app/) by [Omar Espino](https://twitter.com/omespino)
- **[Oct 11 - $0]** [Hacking YouTube With MP4](https://realkeyboardwarrior.github.io/security/2021/10/11/hacking-youtube.html)[*](https://web.archive.org/web/20211205180448/https://realkeyboardwarrior.github.io/security/2021/10/11/hacking-youtube.html) by [Florian Mathieu](https://twitter.com/Keyb0ardWarr10r)
- **[Oct 08 - $25,401.1]** [4 Weird Google VRP Bugs in 40 Minutes - Hacktivity 2021](https://www.youtube.com/watch?v=nP_y-Z-FXr0)[*](#) by [David Schütz](https://twitter.com/xdavidhu)
- **[Sep 28 - $???]** [Google Extensible Service Proxy v1 - CWE-287 Improper Authentication](https://seclists.org/fulldisclosure/2021/Sep/51)[*](https://web.archive.org/web/20211010181255/https://seclists.org/fulldisclosure/2021/Sep/51) by [Imre Rad](https://www.linkedin.com/in/imre-rad-2358749b/)
- **[Sep 10 - $1,337]** [Bypassing GCP Org Policy with Custom Metadata](https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html)[*](https://web.archive.org/web/20211106114030/https://kattraxler.github.io/gcp/hacking/2021/09/10/gcp-org-policy-bypass-ai-notebooks.html) by [Kat Traxler](https://twitter.com/NightmareJS)
- **[Sep 06 - $4,133.7]** [2 CSRF 1 IDOR on Google Marketing Platform](https://apapedulimu.click/story-of-idor-on-google-product/)[*](https://web.archive.org/web/20231105080032/https://apapedulimu.click/story-of-idor-on-google-product/) by [Apapedulimu](https://twitter.com/LocalHost31337)
- **[Aug 24 - $???]** [The Nomulus rift](https://irsl.medium.com/the-nomulus-rift-935a3c4d9300)[*](https://web.archive.org/web/20210824194209/https://irsl.medium.com/the-nomulus-rift-935a3c4d9300) by [Imre Rad](https://www.linkedin.com/in/imre-rad-2358749b/)
- **[Aug 23 - $???]** [Hey Google ! - Delete my Data Properly — #GoogleVRP](https://medium.com/techiepedia/hey-google-delete-my-data-properly-googlevrp-83349ca8e0e1)[*](https://web.archive.org/web/20211010181548/https://medium.com/techiepedia/hey-google-delete-my-data-properly-googlevrp-83349ca8e0e1) by [Sriram Kesavan](https://twitter.com/sriramoffcl/)
- **[Jul 13 - $???]** [Unencrypted HTTP Links to Google Scholar in Search](https://feed.bugs.xdavidhu.me/bugs/0010)[*](https://web.archive.org/web/20211205190611/https://feed.bugs.xdavidhu.me/bugs/0010) by [David Schütz](https://twitter.com/xdavidhu)
- **[Jul 08 - $0]** [IDOR on clientauthconfig.googleapis.com](https://feed.bugs.xdavidhu.me/bugs/0009)[*](https://web.archive.org/web/20211205190605/https://feed.bugs.xdavidhu.me/bugs/0009) by [David Schütz](https://twitter.com/xdavidhu)
- **[Jun 25 - $???]** [Google Compute Engine (GCE) VM takeover via DHCP flood](https://github.com/irsl/gcp-dhcp-takeover-code-exec)[*](https://web.archive.org/web/20210628184722/https://github.com/irsl/gcp-dhcp-takeover-code-exec) by [Imre Rad](https://www.linkedin.com/in/imre-rad-2358749b/)
- **[Jun 16 - $???]** [Story of Google Hall of Fame and Private program bounty worth $$$$](https://infosecwriteups.com/story-of-google-hall-of-fame-and-private-program-bounty-worth-53559a95c468)[*](https://web.archive.org/web/20210628185104/https://infosecwriteups.com/story-of-google-hall-of-fame-and-private-program-bounty-worth-53559a95c468?gi=d4a3651a766a) by [Basavaraj Banakar](https://twitter.com/basu_banakar)
- **[Jun 13 - $3,133.7]** [Privilege escalation on https://dialogflow.cloud.google.com](https://lalka-test.medium.com/google-vrp-privilege-escalation-on-https-dialogflow-cloud-google-com-599af6c4516d)[*](https://web.archive.org/web/20210614090237/https://medium.com/@lalka_test/google-vrp-privilege-escalation-on-https-dialogflow-cloud-google-com-599af6c4516d) by [lalka](https://twitter.com/0x01alka)
- **[Jun 09 - $500]** [Author spoofing in Google Colaboratory](https://www.ehpus.com/post/author-spoofing-in-google-colaboratory)[*](https://web.archive.org/web/20210609191502/https://www.ehpus.com/post/author-spoofing-in-google-colaboratory) by [Zohar Shacha](https://www.linkedin.com/in/zohar-shachar/)
- **[May 31 - $10,000]** [AppCache's forgotten tales](https://blog.lbherrera.me/posts/appcache-forgotten-tales/)[*](https://web.archive.org/web/20210601152111/https://blog.lbherrera.me/posts/appcache-forgotten-tales/) by [Luan Herrera](https://twitter.com/lbherrera_)
- **[May 17 - $???]** [Clickjacking in Nearby Devices Dashboard](https://feed.bugs.xdavidhu.me/bugs/0005)[*](https://web.archive.org/web/20210517120128/https://feed.bugs.xdavidhu.me/bugs/0005) by [David Schütz](https://twitter.com/xdavidhu)
- **[May 16 - $5,000]** [Auth Bypass in https://nearbydevices-pa.googleapis.com](https://feed.bugs.xdavidhu.me/bugs/0004)[*](https://web.archive.org/web/20210516220256/https://feed.bugs.xdavidhu.me/bugs/0004) by [David Schütz](https://twitter.com/xdavidhu)
- **[May 05 - $???]** [How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit](https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html)[*](https://web.archive.org/web/20210507101404/https://blog.polybdenum.com/2021/05/05/how-i-hacked-google-app-engine-anatomy-of-a-java-bytecode-exploit.html) by [Robert Grosse](https://www.reddit.com/user/Uncaffeinated/)
- **[Apr 29 - $???]** [De-anonymising Anonymous Animals in Google Workspace](https://feed.bugs.xdavidhu.me/bugs/0003)[*](https://web.archive.org/web/20210429095111/https://feed.bugs.xdavidhu.me/bugs/0003) by [David Schütz](https://twitter.com/xdavidhu)
- **[Apr 21 - $???]** [IDOR leads to how many likes that was hidden | Youtube](https://randobugbountywu.blogspot.com/2021/04/idor-leads-to-how-many-likes-that-was.html)[*](https://web.archive.org/web/20210601152051/https://randobugbountywu.blogspot.com/2021/04/idor-leads-to-how-many-likes-that-was.html) by [R Ando](https://twitter.com/Rando02355205)
- **[Apr 20 - $???]** [Auth Bypass in Google Workspace Real Time Collaboration](https://feed.bugs.xdavidhu.me/bugs/0002)[*](https://web.archive.org/web/20210429095041/https://feed.bugs.xdavidhu.me/bugs/0002) by [David Schütz](https://twitter.com/xdavidhu)
- **[Apr 13 - $1,337]** [Google Photos : Theft of Database & Arbitrary Files Android Vulnerability](https://servicenger.com/blog/mobile/google-photos-theft-of-database-arbitrary-files-android-vulnerability/)[*](https://web.archive.org/web/20210426171424/https://servicenger.com/blog/mobile/google-photos-theft-of-database-arbitrary-files-android-vulnerability/) by [Rahul Kankrale](https://twitter.com/RahulKankrale)
- **[Apr 09 - $31,337]** [Explaining the exploit to $31,337 Google Cloud blind SSRF](https://www.youtube.com/watch?v=q0YgfwOndOw)[*](#) by [Bug Bounty Reports Explained](https://www.youtube.com/channel/UCZDyl7G-Lq-EMVO8PfDFp9g)
- **[Apr 06 - $31,337]** [$31,337 Google Cloud blind SSRF + HANDS-ON labs](https://www.youtube.com/watch?v=ashSoc59z1Y)[*](#) by [Bug Bounty Reports Explained](https://www.youtube.com/channel/UCZDyl7G-Lq-EMVO8PfDFp9g)
- **[Apr 05 - $6,000]** [I Built a TV That Plays All of Your Private YouTube Videos](https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/)[*](https://web.archive.org/web/20210426152923/https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/) by [David Schütz](https://twitter.com/xdavidhu)
- **[Apr 02 - $100]** [Play a game, get Subscribed to my channel - YouTube Clickjacking Bug](https://infosecwriteups.com/play-a-game-get-subscribed-to-my-channel-youtube-clickjacking-bug-googlevrp-6ce1d15542d3)[*](https://web.archive.org/web/20210429095020/https://infosecwriteups.com/play-a-game-get-subscribed-to-my-channel-youtube-clickjacking-bug-googlevrp-6ce1d15542d3?gi=1b8e222195b) by [Sriram Kesavan](https://twitter.com/sriramoffcl)
- **[Mar 22 - $5,000]** [File System Access API - vulnerabilities](https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome)[*](https://web.archive.org/web/20220906194544/https://github.com/Puliczek/CVE-2021-21123-PoC-Google-Chrome) by [Maciej Pulikowski](https://twitter.com/pulik_io)
- **[Mar 21 - $???]** [How I made it to Google HOF?](https://infosecwriteups.com/how-i-made-it-to-google-hof-f1cec85fdb1b)[*](https://web.archive.org/web/20210426152901/https://infosecwriteups.com/how-i-made-it-to-google-hof-f1cec85fdb1b?gi=830e2567977d) by [Sudhanshu Rajbhar](https://twitter.com/sudhanshur705)
- **[Mar 17 - $165,174]** [Hacking into Google's Network for $133,337](https://www.youtube.com/watch?v=g-JgA1hvJzA)[*](#) by [LiveOverflow](https://twitter.com/LiveOverflow/)
- **[Mar 11 - $3,133.7]** [How I Get Blind XSS At Google With Dork (First Bounty and HOF )](https://apapedulimu.click/google-vrp-how-i-get-blind-xss-at-google-with-dork-first-bounty-and-hof/)[*](https://web.archive.org/web/20210426152641/https://apapedulimu.click/google-vrp-how-i-get-blind-xss-at-google-with-dork-first-bounty-and-hof/) by [Rio Mulyadi Pulungan](https://twitter.com/riomulyadi_)
- **[Mar 08 - $0]** [Google VRP N/A: SSRF Bypass with Quadzero in Google Cloud Monitoring](https://omespino.com/write-up-google-vrp-n-a-ssrf-bypass-with-quadzero-in-google-cloud-monitoring/)[*](https://web.archive.org/web/20210426152353/https://omespino.com/write-up-google-vrp-n-a-ssrf-bypass-with-quadzero-in-google-cloud-monitoring/) by [Omar Espino](https://twitter.com/omespino)
- **[Mar 08 - $5,000]** [$5,000 YouTube IDOR](https://www.youtube.com/watch?v=FzT3Z7tgDSQ)[*](#) by [Bug Bounty Reports Explained](https://www.youtube.com/channel/UCZDyl7G-Lq-EMVO8PfDFp9g)
- **[Feb 28 - $???]** [Metadata service MITM allows root privilege escalation (EKS / GKE)](https://blog.champtar.fr/Metadata_MITM_root_EKS_GKE/)[*](https://web.archive.org/web/20210629160052/https://blog.champtar.fr/Metadata_MITM_root_EKS_GKE/) by [Etienne Champetier](https://twitter.com/champtar)
- **[Feb 16 - $0]** [Dropping a shell in Google’s Cloud SQL (the speckle-umbrella story)](https://irsl.medium.com/dropping-a-shell-in-googles-cloud-sql-the-speckle-umbrella-story-f9375bd4960d)[*](https://web.archive.org/web/20210426152305/https://irsl.medium.com/dropping-a-shell-in-googles-cloud-sql-the-speckle-umbrella-story-f9375bd4960d) by [Imre Rad](https://www.linkedin.com/in/imre-rad-2358749b/)
- **[Jan 31 - $5,000]** [Hacking YouTube to watch private videos?](https://www.youtube.com/watch?v=hV9CWw0yDA8)[*](#) by [Tech Raj](https://www.youtube.com/channel/UCY7t-zBYtdj6ZgiRpi3WIYg)
- **[Jan 27 - $???]** [Hijacking Google Drive Files (documents, photo & video) through Google Docs Sharing](https://santuysec.id/2021/01/27/hijacking-google-drive-files-documents-photo-video-through-google-docs-sharing/)[*](https://web.archive.org/web/20210426152019/https://santuysec.id/2021/01/27/hijacking-google-drive-files-documents-photo-video-through-google-docs-sharing/) by [santuySec](https://twitter.com/santuySec)
- **[Jan 25 - $5,000]** [This YouTube Backend API Leaks Private Videos](https://www.youtube.com/watch?v=rGx8DB2HsuI)[*](#) by [Hussein Nasser](https://www.youtube.com/channel/UC_ML5xP23TOWKUcc-oAE_Eg)
- **[Jan 18 - $1,337]** [The Embedded YouTube Player Told Me What You Were Watching (and more)](https://bugs.xdavidhu.me/google/2021/01/18/the-embedded-youtube-player-told-me-what-you-were-watching-and-more/)[*](https://web.archive.org/web/20210426151731/https://bugs.xdavidhu.me/google/2021/01/18/the-embedded-youtube-player-told-me-what-you-were-watching-and-more/) by [David Schütz](https://twitter.com/xdavidhu)
- **[Jan 11 - $5,000]** [Stealing Your Private YouTube Videos, One Frame at a Time](https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/)[*](https://web.archive.org/web/20210426154944/https://bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time/) by [David Schütz](https://twitter.com/xdavidhu)
- **[Jan 08 - $3,133.7]** [Blind XSS in Google Analytics Admin Panel — $3133.70](https://ashketchum.medium.com/blind-xss-in-google-analytics-admin-panel-3133-70-2185d1cce82a)[*](https://web.archive.org/web/20210426151612/https://ashketchum.medium.com/blind-xss-in-google-analytics-admin-panel-3133-70-2185d1cce82a) by [Ashish Dhone](https://www.linkedin.com/in/ashish-dhone-640489135/)

### 2020:

- **[Dec 30 - $???]** [Getting my first Google VRP trophies](https://irsl.medium.com/getting-my-first-google-vrp-trophies-b56d700face)[*](https://web.archive.org/web/20210426151523/https://irsl.medium.com/getting-my-first-google-vrp-trophies-b56d700face) by [Imre Rad](https://www.linkedin.com/in/imre-rad-2358749b/)
- **[Dec 27 - $???]** [Google VRP Hijacking Google Docs Screenshots](https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/)[*](https://web.archive.org/web/20210426151431/https://blog.geekycat.in/google-vrp-hijacking-your-screenshots/) by [Sreeram KL](https://blog.geekycat.in/author/sreeram/)
- **[Dec 22 - $0]** [SSTI in Google Maps](https://www.ehpus.com/post/ssti-in-google-maps)[*](https://web.archive.org/web/20210426151335/https://www.ehpus.com/post/ssti-in-google-maps) by [Zohar Shacha](https://www.linkedin.com/in/zohar-shachar/)
- **[Dec 21 - $0]** [remote code execution when open a project in android studio that google refused to fix](https://seclists.org/fulldisclosure/2020/Dec/43)[*](https://web.archive.org/web/20210426151314/https://seclists.org/fulldisclosure/2020/Dec/43) by [houjingyi](#)
- **[Dec 19 - $0]** [Google VRP – Sandboxed RCE as root on Apigee API proxies](https://omespino.com/write-up-google-vrp-n-a-sandboxed-rce-as-root-on-apigee-api-proxies/)[*](https://web.archive.org/web/20210426151230/https://omespino.com/write-up-google-vrp-n-a-sandboxed-rce-as-root-on-apigee-api-proxies/) by [Omar Espino](https://twitter.com/omespino)
- **[Nov 12 - $31,337]** [31k$ SSRF in Google Cloud Monitoring led to metadata exposure](https://nechudav.blogspot.com/2020/11/31k-ssrf-in-google-cloud-monitoring.html)[*](https://web.archive.org/web/20210426151128/https://nechudav.blogspot.com/2020/11/31k-ssrf-in-google-cloud-monitoring.html) by [David Nechuta](https://twitter.com/david_nechuta)
- **[Oct 27 - $6,337]** [The YouTube bug that allowed unlisted uploads to any channel](https://infosecwriteups.com/the-youtube-bug-that-allowed-uploads-to-any-channel-3b41c7b7902a)[*](https://web.archive.org/web/20210426151058/https://infosecwriteups.com/the-youtube-bug-that-allowed-uploads-to-any-channel-3b41c7b7902a?gi=82b6e1c806bb) by [Ryan Kovatch](https://kovatch.medium.com/)
- **[Oct 26 - $0]** [Deciphering Google’s mysterious ‘batchexecute’ system](https://kovatch.medium.com/deciphering-google-batchexecute-74991e4e446c)[*](https://web.archive.org/web/20210426151014/https://kovatch.medium.com/deciphering-google-batchexecute-74991e4e446c) by [Ryan Kovatch](https://kovatch.medium.com/)
- **[Oct 15 - $???]** [CVE-2020-15157 "ContainerDrip" Write-up](https://darkbit.io/blog/cve-2020-15157-containerdrip)[*](https://web.archive.org/web/20220511152642/https://darkbit.io/blog/cve-2020-15157-containerdrip) by [Brad Geesaman](https://twitter.com/bradgeesaman)
- **[Oct 08 - $30,000]** [The mass CSRFing of \*.google.com/\* products.](http://www.missoumsai.com/google-csrfs.html)[*](https://web.archive.org/web/20210426150958/https://imgur.com/3fvPuXW) by [Missoum Said](https://twitter.com/missoum1307)
- **[Oct 01 - $5,000]** [Google bug bounty: XSS to Cloud Shell instance takeover (RCE as root) - $5,000 USD](https://omespino.com/write-up-google-bug-bounty-xss-to-cloud-shell-instance-takeover-rce-as-root-5000-usd/)[*](https://web.archive.org/web/20210426150845/https://omespino.com/write-up-google-bug-bounty-xss-to-cloud-shell-instance-takeover-rce-as-root-5000-usd/) by [Omar Espino](https://twitter.com/omespino)
- **[Sep 29 - $???]** [Public Bucket Allowed Access to Images on Upcoming Google Cloud Blog Posts](https://websecblog.com/vulns/public-google-cloud-blog-bucket/)[*](https://web.archive.org/web/20210426150759/https://websecblog.com/vulns/public-google-cloud-blog-bucket/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- **[Sep 20 - $500]** [How I earned $500 from Google - Flaw in Authentication](https://medium.com/bugbountywriteup/how-i-earned-500-from-google-flaw-in-authentication-a40018c05616/)[*](https://web.archive.org/web/20210426150722/https://infosecwriteups.com/how-i-earned-500-from-google-flaw-in-authentication-a40018c05616?gi=a7363b706775) by [Hemant Patidar](https://twitter.com/HemantSolo)
- **[Sep 10 - $15,000]** [Universal XSS in Android WebView (CVE-2020-6506)](https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/)[*](https://web.archive.org/web/20231026202309/https://alesandroortiz.com/articles/uxss-android-webview-cve-2020-6506/) by [Alesandro Ortiz](https://twitter.com/AlesandroOrtizR)
- **[Sep 08 - $10,000]** [XSS->Fix->Bypass: 10000$ bounty in Google Maps](https://www.ehpus.com/post/xss-fix-bypass-10000-bounty-in-google-maps)[*](https://web.archive.org/web/20210426150640/https://www.ehpus.com/post/xss-fix-bypass-10000-bounty-in-google-maps) by [Zohar Shacha](https://www.linkedin.com/in/zohar-shachar/)
- **[Sep 07 - $1,337]** [My first bug in google and how i got CSRF token for victim account rather than bypass it](https://medium.com/@odayalhalbe1/my-first-bug-in-google-and-how-i-got-csrf-token-for-victim-account-rather-than-bypass-it-1337-bf01261feb47)[*](https://web.archive.org/web/20210426150615/https://medium.com/@odayalhalbe1/my-first-bug-in-google-and-how-i-got-csrf-token-for-victim-account-rather-than-bypass-it-1337-bf01261feb47) by [Oday Alhalbe](https://bughunter.withgoogle.com/profile/91a2e03b-0b0d-422c-9cd6-aa2a2ae24b57)
- **[Aug 26 - $???]** [Auth bypass: Leaking Google Cloud service accounts and projects](https://www.ezequiel.tech/2020/08/leaking-google-cloud-projects.html)[*](https://web.archive.org/web/20210426150539/https://www.ezequiel.tech/2020/08/leaking-google-cloud-projects.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- **[Aug 25 - $1,337]** [How I Tracked Your Mother: Tracking Waze drivers using UI elements](https://www.malgregator.com/post/waze-how-i-tracked-your-mother/)[*](https://web.archive.org/web/20210426150447/https://www.malgregator.com/post/waze-how-i-tracked-your-mother/) by [Peter Gasper](https://github.com/viralpoetry)
- **[Aug 22 - $???]** [The Short tale of two bugs on Google Cloud Product— Google VRP (Resolved)](https://medium.com/bugbountywriteup/the-short-tale-of-two-bugs-on-google-cloud-product-google-vrp-resolved-47c913dca8fc)[*](https://web.archive.org/web/20210426155551/https://medium.com/bugbountywriteup/the-short-tale-of-two-bugs-on-google-cloud-product-google-vrp-resolved-47c913dca8fc) by [Sriram Kesavan](https://twitter.com/sriramoffcl)
- **[Aug 19 - $???]** [The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer](https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/)[*](https://web.archive.org/web/20210426150355/https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/) by [Allison Husain](https://twitter.com/ezhes_)
- **[Aug 18 - $???]** [How to contact Google SRE: Dropping a shell in Cloud SQL](https://www.ezequiel.tech/2020/08/dropping-shell-in.html)[*](https://web.archive.org/web/20210426150212/https://www.ezequiel.tech/2020/08/dropping-shell-in.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- **[Aug 18 - $???]** [Three More Google Cloud Shell Bugs Explained](https://blog.daviddworken.com/posts/cloud-shell-bugs-explained/)[*](https://web.archive.org/web/20210426150303/https://blog.daviddworken.com/posts/cloud-shell-bugs-explained/) by [David Dworken](https://twitter.com/ddworken)
- **[Aug 17 - $???]** [Firebase Cloud Messaging Service Takeover: A small research that led to 30k$+ in bounties](https://abss.me/posts/fcm-takeover/)[*](https://web.archive.org/web/20211106114016/https://abss.me/posts/fcm-takeover/) by [Abss](https://twitter.com/absshax)
- **[Aug 15 - $???]** [How I was able to send Authentic Emails as others - Google VRP (Resolved)](https://medium.com/@sriram_offcl/how-i-was-able-to-send-authentic-emails-as-others-google-vrp-resolved-2af94295f326)[*](https://web.archive.org/web/20210426150142/https://infosecwriteups.com/how-i-was-able-to-send-authentic-emails-as-others-google-vrp-resolved-2af94295f326?gi=f5aa5ddfe308) by [Sriram Kesavan](https://www.twitter.com/sriramoffcl/)
- **[Jul 31 - $4,133.7]** [Script Gadgets! Google Docs XSS Vulnerability Walkthrough](https://www.youtube.com/watch?v=aCexqB9qi70)[*](#) by [LiveOverflow](https://twitter.com/LiveOverflow/)
- **[Jul 28 - $1,337]** [Authorization bypass in Google’s ticketing system (Google-GUTS)](https://www.ehpus.com/post/authorization-bypass-in-google-s-ticketing-system)[*](https://web.archive.org/web/20210426145929/https://www.ehpus.com/post/authorization-bypass-in-google-s-ticketing-system) by [Zohar Shacha](https://www.linkedin.com/in/zohar-shachar/)
- **[Jul 17 - $5,000]** [Idor in google product](https://medium.com/@balook/idor-in-google-datastudio-google-com-f2fa51b763de)[*](https://web.archive.org/web/20210426145859/https://balook.medium.com/idor-in-google-datastudio-google-com-f2fa51b763de) by [baluz](https://twitter.com/critical_b0y)
- **[Jul 14 - $6,267.4]** [Hunting postMessage Vulnerabilities](https://web.archive.org/web/20211016075506/https://insight.claranet.co.uk/technical-blogs/hunting-postmessage-vulnerabilities)[*](#) by [Gary O'leary-Steele](https://twitter.com/garyoleary)
- **[Jun 15 - $3,133.7]** [SMTP Injection in Gsuite](https://www.ehpus.com/post/smtp-injection-in-gsuite)[*](https://web.archive.org/web/20210426145801/https://www.ehpus.com/post/smtp-injection-in-gsuite) by [Zohar Shacha](https://www.linkedin.com/in/zohar-shachar/)
- **[Jun 06 - $500]** [How i earned $500 from google by change one character .](https://medium.com/@odayalhalbe1/how-i-earned-500-from-google-by-change-one-character-8350d2b618e5)[*](https://web.archive.org/web/20210426145720/https://medium.com/@odayalhalbe1/how-i-earned-500-from-google-by-change-one-character-8350d2b618e5) by [Oday Alhalbe](https://bughunter.withgoogle.com/profile/91a2e03b-0b0d-422c-9cd6-aa2a2ae24b57)
- **[Jun 04 - $???]** [Privilege Escalation in Google Cloud Platform's OS Login](https://gitlab.com/gitlab-com/gl-security/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020)[*](https://web.archive.org/web/20210426145702/https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-tech-notes/-/tree/master/oslogin-privesc-june-2020) by [Chris Moberly](https://twitter.com/init_string)
- **[Jun 04 - $???]** [Three Privilege Escalation Bugs in Google Cloud Platform’s OS Login](https://initblog.com/2020/oslogin-privesc/)[*](https://web.archive.org/web/20231124071907/https://initblog.com/2020/oslogin-privesc/) by [initstring](https://twitter.com/init_string)
- **[May 21 - $31,337]** [RCE in Google Cloud Deployment Manager](https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html)[*](https://web.archive.org/web/20210426145643/https://www.ezequiel.tech/2020/05/rce-in-cloud-dm.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- **[May 10 - $???]** [Bypassing Firebase authorization to create custom goo.gl subdomains](https://websecblog.com/vulns/bypassing-firebase-authorization-to-create-custom-goo-gl-subdomains/)[*](https://web.archive.org/web/20210426145625/https://websecblog.com/vulns/bypassing-firebase-authorization-to-create-custom-goo-gl-subdomains/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- **[May 08 - $4,133.7]** [Bypass XSS filter using HTML Escape](https://medium.com/@adonkidz7/bypass-xss-filter-using-html-escape-f2e06bebc8c3)[*](https://web.archive.org/web/20210426145550/https://medium.com/@adonkidz7/bypass-xss-filter-using-html-escape-f2e06bebc8c3) by [Syahri Ramadan](https://twitter.com/adonkidz7)
- **[May 07 - $3,133.7]** [DOM-Based XSS at accounts.google.com by Google Voice Extension](http://www.missoumsai.com/google-accounts-xss.html)[*](https://web.archive.org/web/20210426145453/https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/run_prettify.js) by [Missoum Said](https://twitter.com/missoum1307)
- **[May 07 - $???]** [Google Acquisition XSS (Apigee)](https://medium.com/@TnMch/google-acquisition-xss-apigee-5479d7b5dc4)[*](https://web.archive.org/web/20210426145510/https://medium.com/@TnMch/google-acquisition-xss-apigee-5479d7b5dc4) by [TnMch](https://twitter.com/TnMch_)
- **[May 03 - $???]** [DOM XSS in Gmail with a little help from Chrome](https://opnsec.com/2020/05/dom-xss-in-gmail-with-a-little-help-from-chrome/)[*](https://web.archive.org/web/20210426145435/https://opnsec.com/2020/05/dom-xss-in-gmail-with-a-little-help-from-chrome/) by [Enguerran Gillier](https://twitter.com/opnsec)
- **[Apr 30 - $6,267.4]** [Researching Polymorphic Images for XSS on Google Scholar](https://blog.doyensec.com/2020/04/30/polymorphic-images-for-xss.html)[*](https://web.archive.org/web/20210426145402/https://blog.doyensec.com/2020/04/30/polymorphic-images-for-xss.html) by [Lorenzo Stella](https://twitter.com/doyensec)
- **[Mar 27 - $3,133.7]** [$3133.7 Google Bug Bounty Writeup- XSS Vulnerability!](https://pethuraj.com/blog/google-bug-bounty-writeup/)[*](https://web.archive.org/web/20210426145344/https://www.pethuraj.com/blog/google-bug-bounty-writeup/) by [Pethuraj M](https://twitter.com/itsmepethu)
- **[Mar 11 - $100,000]** [$100k Hacking Prize - Security Bugs in Google Cloud Platform](https://www.youtube.com/watch?v=J2icGMocQds)[*](#) by [LiveOverflow](https://twitter.com/LiveOverflow/)
- **[Mar 10 - $3,133.7]** [Cookie Tossing to RCE on Google Cloud JupyterLab](https://blog.s1r1us.ninja/research/cookie-tossing-to-rce-on-google-cloud-jupyter-notebooks)[*](https://web.archive.org/web/20211216174102/https://blog.s1r1us.ninja/research/cookie-tossing-to-rce-on-google-cloud-jupyter-notebooks) by [s1r1us](https://twitter.com/S1r1u5_)
- **[Mar 08 - $6,000]** [The unexpected Google wide domain check bypass](https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/)[*](https://web.archive.org/web/20210426145128/https://bugs.xdavidhu.me/google/2020/03/08/the-unexpected-google-wide-domain-check-bypass/) by [David Schütz](https://twitter.com/xdavidhu)
- **[Mar 07 - $5,000]** [Google Ads Self-XSS & Html Injection $5000](https://medium.com/@adonkidz7/google-ads-self-xss-html-injection-5000-52280da76c80)[*](https://web.archive.org/web/20210426145106/https://medium.com/@adonkidz7/google-ads-self-xss-html-injection-5000-52280da76c80) by [Syahri Ramadan](https://twitter.com/adonkidz7)
- **[Jan 12 - $???]** [Information Disclosure Vulnerability in the Google Cloud Speech-to-Text API](https://www.dcine.com/2020/01/12/information-disclosure-vulnerability-in-the-google-cloud-speech-to-text-api/)[*](https://web.archive.org/web/20210426154851/https://www.dcine.com/2020/01/12/information-disclosure-vulnerability-in-the-google-cloud-speech-to-text-api/) by [Dan Maas](https://www.linkedin.com/in/dan-maas-66b2a045/)

### 2019:

- **[Dec 30 - $3,133.7]** [How did I earn $3133.70 from Google Translator? (XSS)](https://medium.com/monetary/how-did-i-earn-3133-70-from-google-translator-9becf942dbdc)[*](https://web.archive.org/web/20210426145004/https://medium.com/monetary/how-did-i-earn-3133-70-from-google-translator-9becf942dbdc) by [Beri Bey](https://medium.com/@beribeys)
- **[Dec 19 - $???]** [SSRF in Google Cloud Platform StackDriver](https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver/)[*](https://web.archive.org/web/20210426144944/https://ngailong.wordpress.com/2019/12/19/google-vrp-ssrf-in-google-cloud-platform-stackdriver/) by [Ron Chan](https://twitter.com/ngalongc)
- **[Dec 16 - $???]** [4 Google Cloud Shell bugs explained](https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/)[*](https://web.archive.org/web/20210426144926/https://offensi.com/2019/12/16/4-google-cloud-shell-bugs-explained-introduction/) by [Wouter ter Maat](https://twitter.com/wtm_offensi)
- **[Dec 15 - $5,000]** [The File uploading CSRF in Google Cloud Shell Editor](https://obmiblog.blogspot.com/2019/12/gcp-5k-file-uploading-csrf.html)[*](https://web.archive.org/web/20210426144654/https://obmiblog.blogspot.com/2019/12/gcp-5k-file-uploading-csrf.html) by [Obmi](https://bughunter.withgoogle.com/profile/40997bbc-945a-4eca-8408-eed302641c96)
- **[Dec 15 - $5,000]** [The oauth token hijacking in Google Cloud Shell Editor](https://obmiblog.blogspot.com/2019/12/gcp-5k-oauth-token-hijack.html)[*](https://web.archive.org/web/20210426144818/https://obmiblog.blogspot.com/2019/12/gcp-5k-oauth-token-hijack.html) by [Obmi](https://bughunter.withgoogle.com/profile/40997bbc-945a-4eca-8408-eed302641c96)
- **[Dec 15 - $5,000]** [The XSS ( type II ) in Google Cloud Shell Editor](https://obmiblog.blogspot.com/2019/12/gcp-5k-xss-type-ii.html)[*](https://web.archive.org/web/20210426144843/https://obmiblog.blogspot.com/2019/12/gcp-5k-xss-type-ii.html) by [Obmi](https://bughunter.withgoogle.com/profile/40997bbc-945a-4eca-8408-eed302641c96)
- **[Dec 09 - $???]** [BlackAlps 2019: Google Bug Hunters](https://www.youtube.com/watch?v=DTXUMBc1zEc)[*](#) by [Eduardo Vela Nava](https://twitter.com/sirdarckcat)
- **[Nov 29 - $1,337]** [Writeup for the 2019 Google Cloud Platform VRP Prize!](https://medium.com/@missoum1307/writeup-for-the-2019-google-cloud-platform-vrp-prize-4e104ef9f204)[*](https://web.archive.org/web/20210426144427/https://medium.com/@missoum1307/writeup-for-the-2019-google-cloud-platform-vrp-prize-4e104ef9f204) by [Missoum Said](https://twitter.com/missoum1307)
- **[Nov 18 - $???]** [XSS in GMail’s AMP4Email via DOM Clobbering](https://research.securitum.com/xss-in-amp4email-dom-clobbering/)[*](https://web.archive.org/web/20210426144343/https://research.securitum.com/xss-in-amp4email-dom-clobbering/) by [Michał Bentkowski](https://twitter.com/SecurityMB)
- **[Oct 01 - $5,000]** [Google Paid Me to Talk About a Security Issue!](https://www.youtube.com/watch?v=E-P9USG6kLs)[*](#) by [LiveOverflow](https://twitter.com/LiveOverflow/)
- **[Sep 09 - $???]** [Combination of techniques lead to DOM Based XSS in Google](http://sasi2103.blogspot.com/2016/09/combination-of-techniques-lead-to-dom.html)[*](https://web.archive.org/web/20210426144125/https://www.blogger.com/static/v1/widgets/115981500-css_bundle_v2.css) by [Sasi Levi](https://twitter.com/sasi2103)
- **[Aug 31 - $36,337]** [$36k Google App Engine RCE](https://www.ezequiel.tech/p/36k-google-app-engine-rce.html)[*](https://web.archive.org/web/20210426144056/https://www.ezequiel.tech/p/36k-google-app-engine-rce.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- **[Jul 20 - $13,337]** [Into the Borg – SSRF inside Google production network](https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/)[*](https://web.archive.org/web/20210426144037/https://opnsec.com/2018/07/into-the-borg-ssrf-inside-google-production-network/) by [Enguerran Gillier](https://twitter.com/opnsec)
- **[Jul 10 - $???]** [Gsuite Hangouts Chat 5k IDOR](https://secreltyhiddenwriteups.blogspot.com/2018/07/gsuite-hangouts-chat-5k-idor.html)[*](https://web.archive.org/web/20210426144021/https://secreltyhiddenwriteups.blogspot.com/2018/07/gsuite-hangouts-chat-5k-idor.html) by [Cameron Vincent](https://twitter.com/secretlyhidden1)
- **[May 21 - $13,337]** [Google Bug Bounty: LFI on Production Servers in “springboard.google.com” – $13,337 USD](https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/)[*](https://web.archive.org/web/20210426143959/https://omespino.com/write-up-google-bug-bounty-lfi-on-production-servers-in-redacted-google-com-13337-usd/) by [Omar Espino](https://twitter.com/omespino)
- **[Apr 27 - $0]** [Broken Access: Posting to Google private groups through any user in the group](https://elbs.medium.com/broken-access-posting-to-google-private-groups-through-any-user-in-the-group-3becfa818894)[*](https://web.archive.org/web/20220319113457/https://elbs.medium.com/broken-access-posting-to-google-private-groups-through-any-user-in-the-group-3becfa818894) by [Elber Andre](https://twitter.com/elber333)
- **[Apr 23 - $???]** [Best Of Google VRP 2018 | nullcon Goa 2019](https://www.youtube.com/watch?v=mJwZfRXs83M)[*](#) by [Daniel Stelter-Gliese](https://ch.linkedin.com/in/daniel-stelter-gliese-170a70a2)
- **[Mar 31 - $???]** [XSS on Google Search - Sanitizing HTML in The Client?](https://www.youtube.com/watch?v=lG7U3fuNw3A)[*](#) by [LiveOverflow](https://twitter.com/LiveOverflow/)
- **[Mar 29 - $0]** [Inserting arbitrary files into anyone’s Google Earth Projects Archive](https://websecblog.com/vulns/google-earth-studio-vulnerability/)[*](https://web.archive.org/web/20210426143537/https://websecblog.com/vulns/google-earth-studio-vulnerability/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- **[Mar 26 - $3,133.7]** [How I could have hijacked a victim’s YouTube notifications!](https://hackademic.co.in/youtube-bug/)[*](https://web.archive.org/web/20210426143444/https://hackademic.co.in/youtube-bug/) by [Yash Sodha](https://twitter.com/y_sodha)
- **[Feb 12 - $???]** [Hacking YouTube for #fun and #profit](https://www.linkedin.com/pulse/hacking-youtube-fun-profit-alexandru-coltuneac/)[*](https://web.archive.org/web/20210426143407/https://www.linkedin.com/pulse/hacking-youtube-fun-profit-alexandru-coltuneac/) by [Alexandru Coltuneac](https://twitter.com/dekeeu)
- **[Jan 31 - $???]** [LFI in Apigee portals](https://offensi.com/2019/01/31/lfi-in-apigee-portals/)[*](https://web.archive.org/web/20210426143319/https://offensi.com/2019/01/31/lfi-in-apigee-portals/) by [Wouter ter Maat](https://twitter.com/wtm_offensi)
- **[Jan 30 - $7,500]** [$7.5k Google Cloud Platform organization issue](https://www.ezequiel.tech/2019/01/75k-google-cloud-platform-organization.html)[*](https://web.archive.org/web/20210426143153/https://www.ezequiel.tech/2019/01/75k-google-cloud-platform-organization.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- **[Jan 25 - $3,133.7]** [How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc)](https://medium.com/@lukeberner/how-i-abused-2fa-to-maintain-persistence-after-a-password-change-google-microsoft-instagram-7e3f455b71a1)[*](https://web.archive.org/web/20210714192039/https://medium.com/@lukeberner/how-i-abused-2fa-to-maintain-persistence-after-a-password-change-google-microsoft-instagram-7e3f455b71a1) by [Luke Berner](https://www.linkedin.com/in/lucas-berner-89865339/)
- **[Jan 18 - $10,000]** [$10k host header](https://www.ezequiel.tech/p/10k-host-header.html)[*](https://web.archive.org/web/20210426143105/https://www.ezequiel.tech/p/10k-host-header.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)

### 2018:

- **[Dec 12 - $???]** [XSSing Google Code-in thanks to improperly escaped JSON data](https://websecblog.com/vulns/google-code-in-xss/)[*](https://web.archive.org/web/20210426143039/https://websecblog.com/vulns/google-code-in-xss/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- **[Dec 11 - $???]** [Clickjacking DOM XSS on Google.org](https://websecblog.com/vulns/clickjacking-xss-on-google-org/)[*](https://web.archive.org/web/20210426143010/https://websecblog.com/vulns/clickjacking-xss-on-google-org/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- **[Dec 05 - $500]** [Billion Laugh Attack in https://sites.google.com](https://blog.intothesymmetry.com/2018/12/billion-laugh-attack-in.html)[*](https://web.archive.org/web/20210426142956/https://blog.intothesymmetry.com/2018/12/billion-laugh-attack-in.html) by [Antonio Sanso](https://twitter.com/asanso)
- **[Nov 25 - $???]** [XSS in Google's Acquisition](https://www.secjuice.com/google-hall-of-fame/)[*](https://web.archive.org/web/20210426142909/https://www.secjuice.com/google-hall-of-fame/) by [Abartan Dhakal](https://twitter.com/imhaxormad)
- **[Nov 19 - $???]** [XS-Searching Google’s bug tracker to find out vulnerable source code](https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549)[*](https://web.archive.org/web/20210426142831/https://medium.com/@luanherrera/xs-searching-googles-bug-tracker-to-find-out-vulnerable-source-code-50d8135b7549) by [Luan Herrera](https://twitter.com/lbherrera_)
- **[Nov 14 - $58,837]** [Google Cloud Platform vulnerabilities - BugSWAT](https://www.youtube.com/watch?v=9pviQ19njIs)[*](#) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- **[Nov 11 - $7,500]** [Clickjacking on Google MyAccount Worth 7,500$](https://apapedulimu.click/clickjacking-on-google-myaccount-worth-7500/)[*](https://web.archive.org/web/20210426142610/https://apapedulimu.click/clickjacking-on-google-myaccount-worth-7500/) by [Apapedulimu](https://twitter.com/LocalHost31337)
- **[Oct 04 - $???]** [GoogleMeetRoulette: Joining random meetings](https://www.martinvigo.com/googlemeetroulette/)[*](https://web.archive.org/web/20210426142548/https://www.martinvigo.com/googlemeetroulette/) by [Martin Vigo](https://twitter.com/martin_vigo)
- **[Sep 05 - $???]** [Reflected XSS in Google Code Jam](https://websecblog.com/vulns/reflected-xss-in-google-code-jam/)[*](https://web.archive.org/web/20210426142529/https://websecblog.com/vulns/reflected-xss-in-google-code-jam/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- **[Aug 22 - $???]** [Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org](https://websecblog.com/vulns/stored-xss-in-webcomponents-org/)[*](https://web.archive.org/web/20210426142509/https://websecblog.com/vulns/stored-xss-in-webcomponents-org/) by [Thomas Orlita](https://twitter.com/ThomasOrlita)
- **[May 25 - $???]** [Waze remote vulnerabilities](http://blog.appscan.io/index.php/2018/05/25/waze-remote-vulnerability-technical-report/)[*](https://web.archive.org/web/20210426142449/https://platform.twitter.com/widgets.js) by [PanguTeam](https://twitter.com/PanguTeam)
- **[Apr 06 - $5,000]** [Missing access control in Google play store](https://vishwarajbhattrai.wordpress.com/2019/06/03/missing-access-control-at-play-store/)[*](https://web.archive.org/web/20220906194012/https://vishwarajbhattrai.wordpress.com/2019/06/03/missing-access-control-at-play-store/) by [Vishwaraj Bhattrai](https://twitter.com/vishwaraj101)
- **[Mar 31 - $5,000]** [$5k Service dependencies](https://www.ezequiel.tech/p/5k-service-dependencies.html)[*](https://web.archive.org/web/20210426142421/https://www.ezequiel.tech/p/5k-service-dependencies.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- **[Mar 28 - $???]** [Stored XSS on biz.waze.com](https://sites.google.com/securifyinc.com/vrp-writeups/waze/waze-xss)[*](https://web.archive.org/web/20210426142404/https://sites.google.com/securifyinc.com/vrp-writeups/waze/waze-xss) by [Rojan Rijal](https://twitter.com/mallocsys)
- **[Mar 07 - $13,337]** [Stored XSS, and SSRF in Google using the Dataset Publishing Language](https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html)[*](https://web.archive.org/web/20210426142313/https://s1gnalcha0s.github.io/dspl/2018/03/07/Stored-XSS-and-SSRF-Google.html) by [Craig Arendt](https://twitter.com/signalchaos)
- **[Feb 24 - $13,337]** [Bypassing Google’s authentication to access their Internal Admin panels](https://medium.com/bugbountywriteup/bypassing-googles-fix-to-access-their-internal-admin-panels-12acd3d821e3)[*](https://web.archive.org/web/20210426142233/https://infosecwriteups.com/bypassing-googles-fix-to-access-their-internal-admin-panels-12acd3d821e3?gi=7dceba0c0601) by [Vishnu Prasad P G](https://twitter.com/vishnuprasadnta)
- **[Feb 19 - $???]** [Google bugs stories and the shiny pixelbook](https://bughunt1307.herokuapp.com/googlebugs.html)[*](https://web.archive.org/web/20210426142214/https://bughunt1307.herokuapp.com/googlebugs.html) by [Missoum Said](https://twitter.com/missoum1307)
- **[Feb 14 - $7,500]** [$7.5k Google services mix-up](https://www.ezequiel.tech/p/75k-google-services-mix-up.html)[*](https://web.archive.org/web/20210426142153/https://www.ezequiel.tech/p/75k-google-services-mix-up.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)

### 2017:

- **[Oct 30 - $15,600]** [How I hacked Google’s bug tracking system itself for $15,600 in bounties](https://medium.com/@alex.birsan/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5)[*](https://web.archive.org/web/20210426142116/https://medium.com/@alex.birsan/messing-with-the-google-buganizer-system-for-15-600-in-bounties-58f86cc9f9a5) by [Alex Birsan](https://twitter.com/alxbrsn)
- **[Jun 21 - $???]** [nullcon Goa 2017 - Great Bugs In Google VRP In 2016](https://www.youtube.com/watch?v=zs_nEJ9fh_4)[*](#) by [Martin Straka and Karshan Sharma](https://nullcon.net/website/goa-2017/about-speakers.php)
- **[Jun 08 - $???]** [RuhrSec 2017: Secrets of the Google Vulnerability Reward Program](https://www.youtube.com/watch?v=ueEsOnHJZ80)[*](#) by [Krzysztof Kotowicz](https://ch.linkedin.com/in/kkotowicz)
- **[Mar 09 - $5,000]** [How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)](https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff)[*](https://web.archive.org/web/20210426154813/https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff) by [Marin Moulinier](https://github.com/marin-m)
- **[Mar 01 - $???]** [Ok Google, Give Me All Your Internal DNS Information!](https://www.rcesecurity.com/2017/03/ok-google-give-me-all-your-internal-dns-information/)[*](https://web.archive.org/web/20210426141632/https://www.rcesecurity.com/2017/03/ok-google-give-me-all-your-internal-dns-information/) by [Julien Ahrens](https://twitter.com/MrTuxracer)
- **[Feb 26 - $3,133.7]** [Exploiting Clickjacking Vulnerability To Steal User Cookies](https://jasminderpalsingh.info/exploiting-google-clickjacking-vulnerability-to-steal-user-cookies/)[*](https://web.archive.org/web/20210426141611/https://jasminderpalsingh.info/exploiting-google-clickjacking-vulnerability-to-steal-user-cookies/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
- **[Jan 04 - $???]** [fastboot oem sha1sum](https://securityresear.ch/2017/01/04/fastboot-oem-sha1sum/)[*](https://web.archive.org/web/20210426141546/https://securityresear.ch/2017/01/04/fastboot-oem-sha1sum/) by [Roee Hay](https://twitter.com/roeehay)

### 2016:

- **[Nov 29 - $???]** [War Stories from Google’s Vulnerability Reward Program](https://www.youtube.com/watch?v=QoE0M7v84ZU)[*](#) by [Gábor Molnár](https://twitter.com/molnar_g)
- **[Oct 09 - $6,000]** [How I got 6000$ from #Google (Google Cloudshell RCE)](https://medium.com/@pranavvenkats/how-i-got-6000-from-google-a4670aa4158d)[*](https://web.archive.org/web/20211224124304/https://medium.com/@pranavvenkats/how-i-got-6000-from-google-a4670aa4158d) by [Pranav Venkat](https://twitter.com/PranavVenkatS)
- **[Aug 26 - $500]** [$500 getClass](https://www.ezequiel.tech/p/500-getclass.html)[*](https://web.archive.org/web/20210426141327/https://www.ezequiel.tech/p/500-getclass.html) by [Ezequiel Pereira](https://twitter.com/epereiralopez)
- **[Feb 28 - $???]** [Stored, Reflected and DOM XSS in Google for Work Connect (GWC)](http://respectxss.blogspot.com/2016/02/stored-reflected-and-dom-xss-in-google.html)[*](https://web.archive.org/web/20210426141309/https://www.blogger.com/static/v1/widgets/115981500-css_bundle_v2.css) by [Ashar Javed](https://twitter.com/soaj1664ashar)

### 2015:

- **[Dec 08 - $???]** [Creative bug which result Stored XSS on m.youtube.com](http://sasi2103.blogspot.com/2015/12/creative-bug-which-result-stored-xss-on.html)[*](https://web.archive.org/web/20210426141238/https://www.blogger.com/static/v1/widgets/115981500-css_bundle_v2.css) by [Sasi Levi](https://twitter.com/sasi2103)
- **[Oct 29 - $???]** [XSS in YouTube Gaming](http://respectxss.blogspot.com/2015/10/xss-in-youtube-gaming.html)[*](https://web.archive.org/web/20210426141159/https://apis.google.com/js/plusone.js) by [Ashar Javed](https://twitter.com/soaj1664ashar)
- **[Jun 26 - $3,133.7]** [Youtube Editor XSS Vulnerability](https://jasminderpalsingh.info/youtube-editor-stored-dom-based-and-self-executed-xss-vulnerability/)[*](https://web.archive.org/web/20210426141130/https://jasminderpalsingh.info/youtube-editor-stored-dom-based-and-self-executed-xss-vulnerability/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)

### 2014:

- **[Oct 31 - $5,000]** [The 5000$ Google XSS](https://blog.it-securityguard.com/bugbounty-the-5000-google-xss/)[*](https://web.archive.org/web/20210426141105/https://blog.it-securityguard.com/bugbounty-the-5000-google-xss/) by [Patrik Fehrenbach](https://twitter.com/itsecurityguard)
- **[Oct 26 - $1,337]** [Youtube XSS Vulnerability (Stored -> Self Executed)](https://jasminderpalsingh.info/youtube-xss-vulnerability-stored-self-executed/)[*](https://web.archive.org/web/20210426141030/https://jasminderpalsingh.info/youtube-xss-vulnerability-stored-self-executed/) by [Jasminder Pal Singh](https://twitter.com/Singh_Jasminder)
- **[Aug 13 - $???]** [I hate you, so I pawn your Google Open Gallery](https://blog.yappare.com/2014/08/i-hate-you-so-i-pawn-your-google-open.html)[*](https://web.archive.org/web/20210426141004/https://blog.yappare.com/2014/08/i-hate-you-so-i-pawn-your-google-open.html) by [Ahmad Ashraff](https://twitter.com/yappare)
- **[Jan 10 - $???]** [Again, from Nay to Yay in Google Vulnerability Reward Program!](https://blog.yappare.com/2014/01/again-from-nay-to-yay-in-google.html)[*](https://web.archive.org/web/20210426140901/https://blog.yappare.com/2014/01/again-from-nay-to-yay-in-google.html) by [Ahmad Ashraff](https://twitter.com/yappare)

### 2013:

- **[Sep 15 - $3,133.7]** [XSRF and Cookie manipulation on google.com](https://blog.miki.it/2013/9/15/xsrf-cookie-setting-google/)[*](https://web.archive.org/web/20210426140814/https://blog.miki.it/2013/9/15/xsrf-cookie-setting-google/) by [Michele Spagnuolo](https://twitter.com/mikispag)
- **[Jul 08 - $???]** [Stored XSS in GMail](https://blog.miki.it/2013/7/8/stored-xss-in-gmail/)[*](https://web.archive.org/web/20210426140721/https://blog.miki.it/2013/7/8/stored-xss-in-gmail/) by [Michele Spagnuolo](https://twitter.com/mikispag)

### Unknown Date:

- **[??? - $5,000]** [Google VRP : oAuth token stealing](http://bugdisclose.blogspot.com/2017/08/google-vrp-oauth-token-stealing.html)[*](https://web.archive.org/web/20210426134427/http://bugdisclose.blogspot.com/2017/08/google-vrp-oauth-token-stealing.html) by [Harsh Jaiswal](https://twitter.com/rootxharsh)
- **[??? - $???]** [Unauth meetings access](https://sites.google.com/securifyinc.com/vrp-writeups/google-meet/authorization-bugs)[*](https://web.archive.org/web/20210426134719/https://sites.google.com/securifyinc.com/vrp-writeups/google-meet/authorization-bugs) by [Rojan Rijal](https://twitter.com/mallocsys)
- **[??? - $???]** [XSS vulnerability in Google Cloud Shell’s code editor through mini-browser endpoint](https://ψ.fun/i/ZK9Kv)[*](https://web.archive.org/web/20210426134738/https://xn--9xa.fun/i/ZK9Kv) by [Psi](https://ψ.fun/)
- **[??? - $???]** [Information leakage vulnerability in Google Cloud Shell’s proxy service](https://ψ.fun/i/KPMGz)[*](https://web.archive.org/web/20210426135117/https://xn--9xa.fun/i/KPMGz) by [Psi](https://ψ.fun/)
- **[??? - $???]** [XSS vulnerability in Google Cloud Shell’s code editor through SVG files](https://ψ.fun/i/92uQC)[*](https://web.archive.org/web/20210426135226/https://xn--9xa.fun/i/92uQC) by [Psi](https://ψ.fun/)
- **[??? - $???]** [CSWSH vulnerability in Google Cloud Shell’s code editor](https://ψ.fun/i/yvpMj)[*](https://web.archive.org/web/20210426135214/https://xn--9xa.fun/i/yvpMj) by [Psi](https://ψ.fun/)
- **[??? - $3,133.7]** [Open redirects that matter](https://sites.google.com/site/bughunteruniversity/best-reports/openredirectsthatmatter)[*](https://web.archive.org/web/20210426135137/https://sites.google.com/site/bughunteruniversity/best-reports/openredirectsthatmatter) by [Tomasz Bojarski](https://bughunter.withgoogle.com/profile/c25fa487-a4df-4e2e-b877-4d31d8964b82)
- **[??? - $???]** [Voice Squatting & Voice Masquerading Attack against Amazon Alexa and Google Home Actions](https://sites.google.com/site/voicevpasec/)[*](https://web.archive.org/web/20210426140434/https://sites.google.com/site/voicevpasec/) by [???](#)
- **[??? - $???]** [Blind XSS against a Googler](https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/blind-xss)[*](https://web.archive.org/web/20210426135137/https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/blind-xss) by [Rojan Rijal](https://twitter.com/mallocsys)
- **[??? - $???]** [Multiple XSSs on hire.withgoogle.com](https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/xsses)[*](https://web.archive.org/web/20210426140538/https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/xsses) by [Rojan Rijal](https://twitter.com/mallocsys)
- **[??? - $???]** [Auth Issues on hire.withgoogle.com](https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/auth-issues)[*](https://web.archive.org/web/20210426140604/https://sites.google.com/securifyinc.com/vrp-writeups/hire-with-google/auth-issues) by [Rojan Rijal](https://twitter.com/mallocsys)
- **[??? - $???]** [G Suite - Device Management XSS](https://sites.google.com/securifyinc.com/vrp-writeups/gsuite/bookmark-xss-device-management)[*](https://web.archive.org/web/20210426140631/https://sites.google.com/securifyinc.com/vrp-writeups/gsuite/bookmark-xss-device-management) by [Rojan Rijal](https://twitter.com/mallocsys)