by esturk 3132 days ago
I wonder if s/he saved a bunch of bugs to chain together a single big exploit. From the latest report, there were 6 bugs chained together.

Imagine reporting 6 small bugs individually that nets you 6 x 1000$ = 6k$. But if you save each one, it may chain together for a potential 100k$ bounty. Of course, any insight that reveals these underlying relations is most certainly worth 100k$.

2 comments

AFAIUI (not a security researcher) that's actually how most of the most devastating security exploits work. There are obvious exceptions like HEARTBLEED, but in general escalation through multiple levels seems to be the name of the game.
Or you can just get root from JavaScript, which that guy also did.
If they care about security, they shouldn't pay more for chaining, because that gives security researchers incentive to hoard vulnerabilities, rather than report them ASAP.