Hacker News new | ask | show | jobs
by tillulen 498 days ago
How much does a Firefox 0-day cost these days on the grey market compared to a Chrome 0-day with sandbox escape?
3 comments
mr_mitm 497 days ago
Not sure how reliable this information is [1], but apparently, 200k vs 500k. Another [2] organization states 350k vs 1.5M (including LPE).

[1] https://opzero.ru/en/prices/

[2] https://www.crowdfense.com/exploit-acquisition-program/

link
Arech 497 days ago
Disproportionally more if you divide it on the user base to get the cost of targeting 1 user when you want them all (and most of evildoers want that exactly).
link
tptacek 497 days ago
No, that's not at all how the market for high-end zero-day vulnerabilities work. It's interesting to see people just make random stuff up from first principles. Actual market participants have talked through this stuff; you can just find out empirically.
link
tptacek 497 days ago
Drastically less.
link