Awesome Google VRP Writeups

🐛 A list of writeups from the Google VRP Bug Bounty program

*writeups: not just writeups

Follow @gvrp_writeups on Twitter to get new writeups straigt into your feed!

Contributing:

If you know of any writeups/videos not listed in this repository, feel free to open a Pull Request.

To add a new writeup, simply add a new line to writeups.csv:

[YYYY-MM-DD],[bounty],[title],[url],[author-name],[author-url],[type],false,?

If a value is not available, write ?. The value of type can either be blog or video. If any of the fields include a ,, please wrap the value in quotes. Please keep the last two fields set to false and ?. The automation will modify these fields. If available, set author-url to the author's Twitter URL, so the automation can @mention the author.

Writeups:

2024:

• [Nov 11 - $???] Release-Drafter To google/accompanist Compromise: VRP Writeup* by Adnan Khan

• [Sep 25 - $4,837] XS-Search on Google Photos* by NDevTK

• [Sep 19 - $3,133.7] Office Editing for Docs Sheets & Slides leak* by NDevTK

• [Sep 19 - $4,133.7] Using YouTube to steal your files* by Lyra Rebane

• [Aug 26 - $500] [$500] How I was able to give verification badge to any YouTube channel and bypass needed requirements* by Vojtech Cekal

• [Aug 24 - $1,337] Exploiting Sandbox Escape Vulnerability in Apigee PythonScript Policy* by Nikita Markevich

• [Aug 16 - $1,337] Kicking Off the Apigee Security Series: Discovering Rhino’s Blind Spot* by Nikita Markevich

• [Aug 13 - $???] ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts* by Yaron Avital

• [Aug 04 - $???] How I Got Critical P2 Bug on Google* by Kazi Hashibur Rahman

• [Aug 02 - $1,000] Chromium infra leak* by NDevTK

• [Aug 02 - $???] Supply Chain Attack on Chromium-BiDi and Puppeteer via GitHub Cache Poisoning* by inspector-ambitious

• [Aug 01 - $3,133.7] idx.google.com XSS* by NDevTK

• [Aug 01 - $14,008.7] Android web attack surface* by NDevTK

• [Jul 31 - $???] Escalating Privileges in Google Cloud via Open Groups* by Thomas Elling

• [Jul 26 - $???] Leaking All Users Google Drive Files* by Cameron Vincent

• [Jul 24 - $???] ConfusedFunction: A Privilege Escalation Vulnerability Impacting GCP Cloud Functions* by Liv Matan

• [Apr 15 - $7,500] An Obscure Actions Workflow Vulnerability in Google’s Flank* by Adnan Khan

• [Mar 23 - $4,133.7] Hacking the Giant: How I Discovered Google’s Vulnerability and Hall of Fame Recognition* by Henry N. Caga

• [Mar 04 - $50,000] We Hacked Google A.I. for $50,000* by Lupin

2023:

• [Nov 14 - $10,000] Uncovering a crazy privilege escalation from Chrome extensions* by Derin Eryilmaz
• [Nov 14 - $???] Google VRP -[IDOR] Deleted Victim Data & Leaked* by Gilang Romadon
• [Nov 02 - $???] ApatchMe - Authenticated Stored XSS Vulnerability in AWS and GCP Apache Airflow Services* by Tenable
• [Oct 19 - $???] Google Cloud Vertex AI - Data Exfiltration Vulnerability Fixed in Generative AI Studio* by Johann Rehberger
• [Sep 18 - $???] How i found an Stored XSS on Google Books* by Sokol Çavdarbasha
• [Sep 11 - $???] GCP CloudSQL Vulnerability Leads to Internal Container Access and Data Exposure* by Ofir Balassiano
• [Aug 18 - $18,833.7] Google Extensions* by NDevTK
• [Jul 22 - $???] Hijacking Cloud CI/CD Systems for Fun and Profit* by Divyanshu
• [Jul 07 - $0] A Journey Into Hacking Google Search Appliance* by DEVCORE
• [Jul 03 - $500] Hunting for Nginx Alias Traversals in the wild* by Hakai Offensive Security
• [Jun 30 - $???] Server-side Template Injection Leading to RCE on Google VRP* by mizzleneupane
• [Jun 23 - $1,337] Insecure sandbox on Colaboratory* by NDevTK
• [Jun 21 - $4,133.7] Unveiling a Critical Authentication Bypass Vulnerability in Google Cloud API Gateway* by Securing Bits
• [Jun 11 - $7,500] googlesource.com access_token leak* by NDevTK
• [Jun 09 - $6,000] XSS in GMAIL Dynamic Email (AMP for Email)* by asdqw3
• [Apr 20 - $???] GhostToken – Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts* by Astrix Security
• [Apr 18 - $???] How Material Security Uncovered a Vulnerability in the Gmail API* by Material Security
• [Apr 13 - $500] Remote Code Execution Vulnerability in Google They Are Not Willing To Fix* by Giraffe Security
• [Mar 31 - $0] Unveiling the Secrets: My Journey of Hacking Google’s OSS* by 7h3h4ckv157
• [Mar 28 - $???] The curl quirk that exposed Burp Suite & Google Chrome* by Paul Mutton
• [Mar 18 - $???] Exploiting aCropalypse: Recovering Truncated PNGs* by David Buchanan
• [Mar 13 - $5,000] The Time I Hacked Google’s Manual Actions Database* by Tom Anthony
• [Mar 11 - $1,837] CCAI XSS* by NDevTK
• [Feb 10 - $500] Information disclosure or GDPR breach? A Google tale…* by Luke Berner
• [Feb 09 - $???] Broken Access Control can create Asset library whereas role access is billing + IDOR | Google Ads* by Gilang Romadon
• [Feb 07 - $0] Google Meet Flaw — Join Any Organisation Call (Not an 0day but still acts as 0day) — Refused by GoogleVRP* by Basavaraj Banakar
• [Feb 05 - $???] I was able to see likes count even though it was hidden by the victim | YouTube App 16.15.35* by R ando
• [Jan 22 - $???] How i was able to get critical bug on google by get full access on [Google Cloud BI Hackathon]* by Orwa Atyat
• [Jan 15 - $3,133.7] XSS using postMessage in Google Cloud Theia notebooks [Google VRP]* by Sreeram KL
• [Jan 13 - $3,133.7] Bypassing authorization in Google Cloud Workstations [Google VRP]* by Sivanesh Ashok
• [Jan 12 - $6,000] SSH key injection in Google Cloud Compute Engine [Google VRP]* by Sivanesh Ashok
• [Jan 12 - $3,133.7] Client-Side SSRF to Google Cloud Project Takeover [Google VRP]* by Sreeram KL
• [Jan 06 - $2,337] Identity-Aware Proxy Misconfiguration- Google Cloud Vulnerability* by Borna Nematzadeh

2022:

• [Dec 26 - $107,500] Turning Google smart speakers into wiretaps for $100k* by Matt Kunze
• [Dec 26 - $20,000] Few bugs in the google cloud shell* by Obmi
• [Nov 30 - $1,337] The space creators can still see the members of the space, even after they have been removed from the space.* by Vivek M
• [Nov 10 - $70,000] Accidental $70k Google Pixel Lock Screen Bypass* by David Schütz
• [Sep 22 - $0] Exploiting Distroless Images* by Daniel Teixeira
• [Sep 16 - $???] Cloning internal Google repos for fun and… info?* by Luke Berner
• [Sep 06 - $3,133.7] IDOR leads to removing members from any Google Chat Space.* by Vivek M
• [Jul 26 - $8,133.7] Google Play and DevSite XSS* by NDevTK
• [Jun 09 - $???] How to download eBooks from Google Play Store without paying for them* by Yess
• [Apr 23 - $1,337] Launching a Supply Chain Counterattack Against Google and OpenSSF* by Alan Cao
• [Mar 25 - $0] Clipboard hazard with Google Sheets* by Imre Rad
• [Mar 19 - $10,000] System environment variables leak on Google Chrome - Microsoft Edge and Opera* by Maciej Pulikowski
• [Mar 08 - $???] Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities* by Unit 42
• [Feb 20 - $3,133.7] Send a Email and get kicked out of Google Groups - A Feature that almost broke Google Groups* by Sriram
• [Feb 06 - $2,674] Auth Bypass in Google Assistant* by David Schütz
• [Feb 06 - $1,337] Auth Bypass in com.google.android.googlequicksearchbox* by David Schütz
• [Feb 02 - $???] How I Was Able To Track You Around The Globe!* by Nikhil Kaushik

2021:

• [Dec 30 - $5,000] Email storage leaking ticket-attachment* by NDevTK
• [Dec 28 - $3,133.7] RCE in Google Cloud Dataflow* by Mike Brancato
• [Dec 25 - $???] How I Saved Christmas For Google!* by Nikhil Kaushik
• [Dec 21 - $5,000] Google Cloud Shell XSS* by NDevTK
• [Dec 05 - $6,267.4] SSRF vulnerability in AppSheet - Google VRP* by David Nechuta
• [Nov 21 - $???] Becoming A Super Admin In Someone Elses Gsuite Organization And Taking It Over* by Cameron Vincent
• [Nov 17 - $10,401.1] Reacting to myself finding an SSRF vulnerability in Google Cloud* by David Schütz
• [Nov 11 - $1,337] GOOGLE VRP BUG BOUNTY: /etc/environment local variables exfiltrated on Linux Google Earth Pro desktop app* by Omar Espino
• [Oct 24 - $7,500] A 7500$ Google sites IDOR* by r0ckin
• [Oct 18 - $???] The Speckle Umbrella story — part 2* by Imre Rad
• [Oct 14 - $0] GOOGLE VRP N/A: Arbitrary local file read (macOS) via <a> tag and null byte (%00) in Google Earth Pro Desktop app* by Omar Espino
• [Oct 11 - $0] Hacking YouTube With MP4* by Florian Mathieu
• [Oct 08 - $25,401.1] 4 Weird Google VRP Bugs in 40 Minutes - Hacktivity 2021* by David Schütz
• [Sep 28 - $???] Google Extensible Service Proxy v1 - CWE-287 Improper Authentication* by Imre Rad
• [Sep 10 - $1,337] Bypassing GCP Org Policy with Custom Metadata* by Kat Traxler
• [Sep 06 - $4,133.7] 2 CSRF 1 IDOR on Google Marketing Platform* by Apapedulimu
• [Aug 24 - $???] The Nomulus rift* by Imre Rad
• [Aug 23 - $???] Hey Google ! - Delete my Data Properly — #GoogleVRP* by Sriram Kesavan
• [Jul 13 - $???] Unencrypted HTTP Links to Google Scholar in Search* by David Schütz
• [Jul 08 - $0] IDOR on clientauthconfig.googleapis.com* by David Schütz
• [Jun 25 - $???] Google Compute Engine (GCE) VM takeover via DHCP flood* by Imre Rad
• [Jun 16 - $???] Story of Google Hall of Fame and Private program bounty worth $$$$* by Basavaraj Banakar
• [Jun 13 - $3,133.7] Privilege escalation on https://dialogflow.cloud.google.com* by lalka
• [Jun 09 - $500] Author spoofing in Google Colaboratory* by Zohar Shacha
• [May 31 - $10,000] AppCache's forgotten tales* by Luan Herrera
• [May 17 - $???] Clickjacking in Nearby Devices Dashboard* by David Schütz
• [May 16 - $5,000] Auth Bypass in https://nearbydevices-pa.googleapis.com* by David Schütz
• [May 05 - $???] How I Hacked Google App Engine: Anatomy of a Java Bytecode Exploit* by Robert Grosse
• [Apr 29 - $???] De-anonymising Anonymous Animals in Google Workspace* by David Schütz
• [Apr 21 - $???] IDOR leads to how many likes that was hidden | Youtube* by R Ando
• [Apr 20 - $???] Auth Bypass in Google Workspace Real Time Collaboration* by David Schütz
• [Apr 13 - $1,337] Google Photos : Theft of Database & Arbitrary Files Android Vulnerability* by Rahul Kankrale
• [Apr 09 - $31,337] Explaining the exploit to $31,337 Google Cloud blind SSRF* by Bug Bounty Reports Explained
• [Apr 06 - $31,337] $31,337 Google Cloud blind SSRF + HANDS-ON labs* by Bug Bounty Reports Explained
• [Apr 05 - $6,000] I Built a TV That Plays All of Your Private YouTube Videos* by David Schütz
• [Apr 02 - $100] Play a game, get Subscribed to my channel - YouTube Clickjacking Bug* by Sriram Kesavan
• [Mar 22 - $5,000] File System Access API - vulnerabilities* by Maciej Pulikowski
• [Mar 21 - $???] How I made it to Google HOF?* by Sudhanshu Rajbhar
• [Mar 17 - $165,174] Hacking into Google's Network for $133,337* by LiveOverflow
• [Mar 11 - $3,133.7] How I Get Blind XSS At Google With Dork (First Bounty and HOF )* by Rio Mulyadi Pulungan
• [Mar 08 - $0] Google VRP N/A: SSRF Bypass with Quadzero in Google Cloud Monitoring* by Omar Espino
• [Mar 08 - $5,000] $5,000 YouTube IDOR* by Bug Bounty Reports Explained
• [Feb 28 - $???] Metadata service MITM allows root privilege escalation (EKS / GKE)* by Etienne Champetier
• [Feb 16 - $0] Dropping a shell in Google’s Cloud SQL (the speckle-umbrella story)* by Imre Rad
• [Jan 31 - $5,000] Hacking YouTube to watch private videos?* by Tech Raj
• [Jan 27 - $???] Hijacking Google Drive Files (documents, photo & video) through Google Docs Sharing* by santuySec
• [Jan 25 - $5,000] This YouTube Backend API Leaks Private Videos* by Hussein Nasser
• [Jan 18 - $1,337] The Embedded YouTube Player Told Me What You Were Watching (and more)* by David Schütz
• [Jan 11 - $5,000] Stealing Your Private YouTube Videos, One Frame at a Time* by David Schütz
• [Jan 08 - $3,133.7] Blind XSS in Google Analytics Admin Panel — $3133.70* by Ashish Dhone

2020:

• [Dec 30 - $???] Getting my first Google VRP trophies* by Imre Rad
• [Dec 27 - $???] Google VRP Hijacking Google Docs Screenshots* by Sreeram KL
• [Dec 22 - $0] SSTI in Google Maps* by Zohar Shacha
• [Dec 21 - $0] remote code execution when open a project in android studio that google refused to fix* by houjingyi
• [Dec 19 - $0] Google VRP – Sandboxed RCE as root on Apigee API proxies* by Omar Espino
• [Nov 12 - $31,337] 31k$ SSRF in Google Cloud Monitoring led to metadata exposure* by David Nechuta
• [Oct 27 - $6,337] The YouTube bug that allowed unlisted uploads to any channel* by Ryan Kovatch
• [Oct 26 - $0] Deciphering Google’s mysterious ‘batchexecute’ system* by Ryan Kovatch
• [Oct 15 - $???] CVE-2020-15157 "ContainerDrip" Write-up* by Brad Geesaman
• [Oct 08 - $30,000] The mass CSRFing of *.google.com/* products.* by Missoum Said
• [Oct 01 - $5,000] Google bug bounty: XSS to Cloud Shell instance takeover (RCE as root) - $5,000 USD* by Omar Espino
• [Sep 29 - $???] Public Bucket Allowed Access to Images on Upcoming Google Cloud Blog Posts* by Thomas Orlita
• [Sep 20 - $500] How I earned $500 from Google - Flaw in Authentication* by Hemant Patidar
• [Sep 10 - $15,000] Universal XSS in Android WebView (CVE-2020-6506)* by Alesandro Ortiz
• [Sep 08 - $10,000] XSS->Fix->Bypass: 10000$ bounty in Google Maps* by Zohar Shacha
• [Sep 07 - $1,337] My first bug in google and how i got CSRF token for victim account rather than bypass it* by Oday Alhalbe
• [Aug 26 - $???] Auth bypass: Leaking Google Cloud service accounts and projects* by Ezequiel Pereira
• [Aug 25 - $1,337] How I Tracked Your Mother: Tracking Waze drivers using UI elements* by Peter Gasper
• [Aug 22 - $???] The Short tale of two bugs on Google Cloud Product— Google VRP (Resolved)* by Sriram Kesavan
• [Aug 19 - $???] The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer* by Allison Husain
• [Aug 18 - $???] How to contact Google SRE: Dropping a shell in Cloud SQL* by Ezequiel Pereira
• [Aug 18 - $???] Three More Google Cloud Shell Bugs Explained* by David Dworken
• [Aug 17 - $???] Firebase Cloud Messaging Service Takeover: A small research that led to 30k$+ in bounties* by Abss
• [Aug 15 - $???] How I was able to send Authentic Emails as others - Google VRP (Resolved)* by Sriram Kesavan
• [Jul 31 - $4,133.7] Script Gadgets! Google Docs XSS Vulnerability Walkthrough* by LiveOverflow
• [Jul 28 - $1,337] Authorization bypass in Google’s ticketing system (Google-GUTS)* by Zohar Shacha
• [Jul 17 - $5,000] Idor in google product* by baluz
• [Jul 14 - $6,267.4] Hunting postMessage Vulnerabilities* by Gary O'leary-Steele
• [Jun 15 - $3,133.7] SMTP Injection in Gsuite* by Zohar Shacha
• [Jun 06 - $500] How i earned $500 from google by change one character .* by Oday Alhalbe
• [Jun 04 - $???] Privilege Escalation in Google Cloud Platform's OS Login* by Chris Moberly
• [Jun 04 - $???] Three Privilege Escalation Bugs in Google Cloud Platform’s OS Login* by initstring
• [May 21 - $31,337] RCE in Google Cloud Deployment Manager* by Ezequiel Pereira
• [May 10 - $???] Bypassing Firebase authorization to create custom goo.gl subdomains* by Thomas Orlita
• [May 08 - $4,133.7] Bypass XSS filter using HTML Escape* by Syahri Ramadan
• [May 07 - $3,133.7] DOM-Based XSS at accounts.google.com by Google Voice Extension* by Missoum Said
• [May 07 - $???] Google Acquisition XSS (Apigee)* by TnMch
• [May 03 - $???] DOM XSS in Gmail with a little help from Chrome* by Enguerran Gillier
• [Apr 30 - $6,267.4] Researching Polymorphic Images for XSS on Google Scholar* by Lorenzo Stella
• [Mar 27 - $3,133.7] $3133.7 Google Bug Bounty Writeup- XSS Vulnerability!* by Pethuraj M
• [Mar 11 - $100,000] $100k Hacking Prize - Security Bugs in Google Cloud Platform* by LiveOverflow
• [Mar 10 - $3,133.7] Cookie Tossing to RCE on Google Cloud JupyterLab* by s1r1us
• [Mar 08 - $6,000] The unexpected Google wide domain check bypass* by David Schütz
• [Mar 07 - $5,000] Google Ads Self-XSS & Html Injection $5000* by Syahri Ramadan
• [Jan 12 - $???] Information Disclosure Vulnerability in the Google Cloud Speech-to-Text API* by Dan Maas

2019:

• [Dec 30 - $3,133.7] How did I earn $3133.70 from Google Translator? (XSS)* by Beri Bey
• [Dec 19 - $???] SSRF in Google Cloud Platform StackDriver* by Ron Chan
• [Dec 16 - $???] 4 Google Cloud Shell bugs explained* by Wouter ter Maat
• [Dec 15 - $5,000] The File uploading CSRF in Google Cloud Shell Editor* by Obmi
• [Dec 15 - $5,000] The oauth token hijacking in Google Cloud Shell Editor* by Obmi
• [Dec 15 - $5,000] The XSS ( type II ) in Google Cloud Shell Editor* by Obmi
• [Dec 09 - $???] BlackAlps 2019: Google Bug Hunters* by Eduardo Vela Nava
• [Nov 29 - $1,337] Writeup for the 2019 Google Cloud Platform VRP Prize!* by Missoum Said
• [Nov 18 - $???] XSS in GMail’s AMP4Email via DOM Clobbering* by Michał Bentkowski
• [Oct 01 - $5,000] Google Paid Me to Talk About a Security Issue!* by LiveOverflow
• [Sep 09 - $???] Combination of techniques lead to DOM Based XSS in Google* by Sasi Levi
• [Aug 31 - $36,337] $36k Google App Engine RCE* by Ezequiel Pereira
• [Jul 20 - $13,337] Into the Borg – SSRF inside Google production network* by Enguerran Gillier
• [Jul 10 - $???] Gsuite Hangouts Chat 5k IDOR* by Cameron Vincent
• [May 21 - $13,337] Google Bug Bounty: LFI on Production Servers in “springboard.google.com” – $13,337 USD* by Omar Espino
• [Apr 27 - $0] Broken Access: Posting to Google private groups through any user in the group* by Elber Andre
• [Apr 23 - $???] Best Of Google VRP 2018 | nullcon Goa 2019* by Daniel Stelter-Gliese
• [Mar 31 - $???] XSS on Google Search - Sanitizing HTML in The Client?* by LiveOverflow
• [Mar 29 - $0] Inserting arbitrary files into anyone’s Google Earth Projects Archive* by Thomas Orlita
• [Mar 26 - $3,133.7] How I could have hijacked a victim’s YouTube notifications!* by Yash Sodha
• [Feb 12 - $???] Hacking YouTube for #fun and #profit* by Alexandru Coltuneac
• [Jan 31 - $???] LFI in Apigee portals* by Wouter ter Maat
• [Jan 30 - $7,500] $7.5k Google Cloud Platform organization issue* by Ezequiel Pereira
• [Jan 25 - $3,133.7] How I abused 2FA to maintain persistence after a password change (Google, Microsoft, Instagram, Cloudflare, etc)* by Luke Berner
• [Jan 18 - $10,000] $10k host header* by Ezequiel Pereira

2018:

• [Dec 12 - $???] XSSing Google Code-in thanks to improperly escaped JSON data* by Thomas Orlita
• [Dec 11 - $???] Clickjacking DOM XSS on Google.org* by Thomas Orlita
• [Dec 05 - $500] Billion Laugh Attack in https://sites.google.com* by Antonio Sanso
• [Nov 25 - $???] XSS in Google's Acquisition* by Abartan Dhakal
• [Nov 19 - $???] XS-Searching Google’s bug tracker to find out vulnerable source code* by Luan Herrera
• [Nov 14 - $58,837] Google Cloud Platform vulnerabilities - BugSWAT* by Ezequiel Pereira
• [Nov 11 - $7,500] Clickjacking on Google MyAccount Worth 7,500$* by Apapedulimu
• [Oct 04 - $???] GoogleMeetRoulette: Joining random meetings* by Martin Vigo
• [Sep 05 - $???] Reflected XSS in Google Code Jam* by Thomas Orlita
• [Aug 22 - $???] Liking GitHub repositories on behalf of other users — Stored XSS in WebComponents.org* by Thomas Orlita
• [May 25 - $???] Waze remote vulnerabilities* by PanguTeam
• [Apr 06 - $5,000] Missing access control in Google play store* by Vishwaraj Bhattrai
• [Mar 31 - $5,000] $5k Service dependencies* by Ezequiel Pereira
• [Mar 28 - $???] Stored XSS on biz.waze.com* by Rojan Rijal
• [Mar 07 - $13,337] Stored XSS, and SSRF in Google using the Dataset Publishing Language* by Craig Arendt
• [Feb 24 - $13,337] Bypassing Google’s authentication to access their Internal Admin panels* by Vishnu Prasad P G
• [Feb 19 - $???] Google bugs stories and the shiny pixelbook* by Missoum Said
• [Feb 14 - $7,500] $7.5k Google services mix-up* by Ezequiel Pereira

2017:

• [Oct 30 - $15,600] How I hacked Google’s bug tracking system itself for $15,600 in bounties* by Alex Birsan
• [Jun 21 - $???] nullcon Goa 2017 - Great Bugs In Google VRP In 2016* by Martin Straka and Karshan Sharma
• [Jun 08 - $???] RuhrSec 2017: Secrets of the Google Vulnerability Reward Program* by Krzysztof Kotowicz
• [Mar 09 - $5,000] How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)* by Marin Moulinier
• [Mar 01 - $???] Ok Google, Give Me All Your Internal DNS Information!* by Julien Ahrens
• [Feb 26 - $3,133.7] Exploiting Clickjacking Vulnerability To Steal User Cookies* by Jasminder Pal Singh
• [Jan 04 - $???] fastboot oem sha1sum* by Roee Hay

2016:

• [Nov 29 - $???] War Stories from Google’s Vulnerability Reward Program* by Gábor Molnár
• [Oct 09 - $6,000] How I got 6000$ from #Google (Google Cloudshell RCE)* by Pranav Venkat
• [Aug 26 - $500] $500 getClass* by Ezequiel Pereira
• [Feb 28 - $???] Stored, Reflected and DOM XSS in Google for Work Connect (GWC)* by Ashar Javed

2015:

• [Dec 08 - $???] Creative bug which result Stored XSS on m.youtube.com* by Sasi Levi
• [Oct 29 - $???] XSS in YouTube Gaming* by Ashar Javed
• [Jun 26 - $3,133.7] Youtube Editor XSS Vulnerability* by Jasminder Pal Singh

2014:

• [Oct 31 - $5,000] The 5000$ Google XSS* by Patrik Fehrenbach
• [Oct 26 - $1,337] Youtube XSS Vulnerability (Stored -> Self Executed)* by Jasminder Pal Singh
• [Aug 13 - $???] I hate you, so I pawn your Google Open Gallery* by Ahmad Ashraff
• [Jan 10 - $???] Again, from Nay to Yay in Google Vulnerability Reward Program!* by Ahmad Ashraff

2013:

• [Sep 15 - $3,133.7] XSRF and Cookie manipulation on google.com* by Michele Spagnuolo
• [Jul 08 - $???] Stored XSS in GMail* by Michele Spagnuolo

Unknown Date:

• [??? - $5,000] Google VRP : oAuth token stealing* by Harsh Jaiswal
• [??? - $???] Unauth meetings access* by Rojan Rijal
• [??? - $???] XSS vulnerability in Google Cloud Shell’s code editor through mini-browser endpoint* by Psi
• [??? - $???] Information leakage vulnerability in Google Cloud Shell’s proxy service* by Psi
• [??? - $???] XSS vulnerability in Google Cloud Shell’s code editor through SVG files* by Psi
• [??? - $???] CSWSH vulnerability in Google Cloud Shell’s code editor* by Psi
• [??? - $3,133.7] Open redirects that matter* by Tomasz Bojarski
• [??? - $???] Voice Squatting & Voice Masquerading Attack against Amazon Alexa and Google Home Actions* by ???
• [??? - $???] Blind XSS against a Googler* by Rojan Rijal
• [??? - $???] Multiple XSSs on hire.withgoogle.com* by Rojan Rijal
• [??? - $???] Auth Issues on hire.withgoogle.com* by Rojan Rijal
• [??? - $???] G Suite - Device Management XSS* by Rojan Rijal