Grey market, not black. It's been several months since I've talked to anyone in the space but full-chain reliable quiet Chrome exploit packages were high six figures, with discussions starting about bugs reaching 7 figures imminently, and the people I talked to might have been talking that down (or talking it up).
Again, remember that grey market payouts are tranched, so you could get 3x more than Google would pay, or you could get 0.5x, and for much more work.
Google security team is really good, however sometimes things are controversial because certain bugs gets ignored in MS-way which is famous for not paying/not fixing.
Grey market, not black. It's been several months since I've talked to anyone in the space but full-chain reliable quiet Chrome exploit packages were high six figures, with discussions starting about bugs reaching 7 figures imminently, and the people I talked to might have been talking that down (or talking it up).
Again, remember that grey market payouts are tranched, so you could get 3x more than Google would pay, or you could get 0.5x, and for much more work.
I’m sure there is a black market for something like this?
I'm sure there is too, but I think over the medium term the government market is going to consistently outbid it.
not 250k for sure :)
Google security team is really good, however sometimes things are controversial because certain bugs gets ignored in MS-way which is famous for not paying/not fixing.