[richardboegli]

> they were nice enough to compensate me for my efforts and were very nice in general.

They were compensated, but doesn't elaborate.

[jsheard]

Sounds like it was handled better than the authors last article where the Arc browser company initially didn't offer any bounty for a similar RCE, then awarded a paltry $2k after getting roasted, and finally bumped it up to $20k after getting roasted even more.

[sphars]

They later updated their post, at the bottom:

> for those wondering, in total i got 5k for this vuln, which i dont blame todesktop for because theyre a really small company

[oriettaxx]

50.000$ additional to the first 5.000$ :)

Woooowwww!

See latest line: "update: cursor (one of the affected customers) is giving me 50k USD for my efforts."