Suppose someone wanted to dive into other projects with the ambition of finding high value bugs. Besides chromium what would you recommend or consider? What would be your thought process for deciding what projects to look into?
Suppose someone wanted to dive into other projects with the ambition of finding high value bugs. Besides chromium what would you recommend or consider? What would be your thought process for deciding what projects to look into?
The answer to your question is WebKit (because iOS), kernels (XNU, Linux, Windows) etc. In case you are not familiar with the domain I'd start with user-space exploitation and relevant write ups to get my feet wet. You'll find plenty of write ups, blogs etc. so I'll skip those. Some of the books I generally found interesting are [1],[2], [3]. There's more to that, including fundamental concepts of CS (e.g., compilers and optimization in JITs, OS architecture etc.). I believe also https://p.ost2.fyi/dashboard has some relevant training.
[1] https://nostarch.com/zero-day
[2] https://nostarch.com/hacking2.htm
[3] https://ia801309.us.archive.org/26/items/Wiley.The.Shellcode...
Bugs are "High value" in different ways, you have to find the companies willing to pay highly. Most of the high payers are on bug bounty programs (like hackerone.com) and don't always give you ability to talk about bugs later.
Google is quite unique here, particularly given Chrome is paying easily 10x what Mozilla would for a sandbox escape. Apple is in the middle -- per [1] a "WebContent sandbox escape" would be $50k, but to get $250k on their scale you need to combine that with a kernel bug.
So if you want to optimise for "value", you have to pick the targets that are easier (still not easy, obviously).
[1]: https://security.apple.com/bounty/categories/