by rprime 3322 days ago
Indeed, or sometimes I want to try certain attack vectors and the next second I am thinking I am fooling myself, they're smarter than me, they wouldn't leave such bugs in; cue a few weeks later, someone gets a few $k because they let themselves get sucked into it :D.

I guess it's as much mindset as it's skill.


I got a bug bounty once because I reported a bug in Chrome that someone else was complaining about in the comments section of a tech blog.

If, instead of just complaining, that commenter had taken the time to fill out a bug report, they could have easily gotten the bounty instead.

Sometimes it just takes a tiny bit of extra effort to go from noticing something's amiss to actually doing something to get it fixed.

Good idea. Imagine if you can do one bug report a month. 5K is nice income.
What was the security issue?
CVE-2015-1274

Basically, Chrome allowed users to use the "Always open files of this type" option with executable files. So if anyone was ever foolish enough to set that option after downloading a `.exe` on Windows, any future site they visited could take over their machine just by initiating a download for a malicious executable.
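
A defender-side check for the setting described in the comment above, added here as an example and not part of the thread or of Chrome's code: it reads a Chrome profile's `Preferences` JSON and reports executable file types that are set to open automatically after download. It assumes the auto-open list is stored under `download.extensions_to_open` as a colon-separated string; the `RISKY_EXTENSIONS` set and the sample profile data are constructed for illustration.

```python
import json

# Assumed, illustrative set of Windows file types that run code when opened.
# This is not Chrome's internal dangerous-file list.
RISKY_EXTENSIONS = {"exe", "scr", "bat", "cmd", "com", "msi", "pif",
                    "vbs", "js", "jar", "lnk", "ps1", "hta"}


def auto_open_extensions(prefs: dict) -> list[str]:
    """Return the normalized extensions a profile opens automatically.

    Assumes the Preferences layout download.extensions_to_open = "pdf:exe".
    Missing or wrongly typed entries yield an empty list.
    """
    download = prefs.get("download")
    if not isinstance(download, dict):
        return []
    raw = download.get("extensions_to_open", "")
    if not isinstance(raw, str):
        return []
    seen: list[str] = []
    for item in raw.split(":"):
        ext = item.strip().lstrip(".").lower()  # ".EXE" and "exe" are the same type
        if ext and ext not in seen:
            seen.append(ext)
    return seen


def risky_auto_open(prefs_text: str) -> list[str]:
    """Parse Preferences JSON text and return auto-open types that are executable.

    Malformed JSON raises ValueError so a broken file is not reported as clean.
    """
    prefs = json.loads(prefs_text)
    if not isinstance(prefs, dict):
        raise ValueError("Preferences root is not a JSON object")
    return [ext for ext in auto_open_extensions(prefs) if ext in RISKY_EXTENSIONS]


# Constructed sample profile data, not taken from a real machine.
SAMPLE_PREFS = json.dumps({
    "download": {"extensions_to_open": "pdf:.EXE:txt:scr:exe"},
    "profile": {"name": "Person 1"},
})

if __name__ == "__main__":
    for ext in risky_auto_open(SAMPLE_PREFS):
        print(f"auto-open enabled for executable type: .{ext}")
```

On a real system the input would be the contents of the `Preferences` file in the Chrome profile directory.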