27 matches found
PT-2026-47289
Name of the Vulnerable Software and Affected Versions: @angular/platform-server versions prior to 19.2.23; @angular/platform-server versions prior to 20.3.22; @angular/platform-server versions prior to 21.2.15; @angular/platform-server versions prior to 22.0.0-rc.2. Description: An issue in the...
SEC-Bench Pro: Can Language Models Solve Long-Horizon Software Security Tasks?
Large language models (LLMs) now support automated software security tasks, including vulnerability discovery and proof-of-concept (PoC) generation. Existing benchmarks do not faithfully evaluate LLMs in real-world bug hunting scenarios because they rely on fuzzing harnesses, target-specific...
Incentives and Outcomes in Bug Bounties
Bug bounty programs have contributed significantly to security in technology firms in the last decade, but little is known about the role of reward incentives in producing useful outcomes. We analyze incentives and outcomes in Google's Vulnerability Rewards Program (VRP), one of the world's largest...
Stable Channel Update for ChromeOS / ChromeOS Flex
The Stable channel is being updated to OS version: 16002.44.0 Browser version: 129.0.6668.80 for most ChromeOS devices. If you find new issues, please let us know one of the following ways 1. File a bug 2. Visit our ChromeOS communities 1. General: Chromebook Help Community 2. Beta Specific:...
Stable Channel Update for ChromeOS / ChromeOS Flex
The Stable channel is being updated to 122.0.6045.214 Platform version: 15753.38.0 for most ChromeOS devices and will be rolled out over the coming days. This build contains a number of bug fixes and security updates. If you find new issues, please let us know one of the following ways: File a bu...
Stable Channel Update for ChromeOS / ChromeOS Flex
The Stable channel is being updated to OS version: 15699.58.0 Browser version: 121.0.6167.159 for most ChromeOS devices. If you find new issues, please let us know one of the following ways 1. File a bug 2. Visit our ChromeOS communities 1. General: Chromebook Help Community 2. Beta Specific:...
Google Launches New Open Source Bug Bounty to Tackle Supply Chain Attacks
Google on Monday introduced a new bug bounty program for its open source projects, offering payouts anywhere from $100 to $31,337 (a reference to eleet or leet) to secure the ecosystem from supply chain attacks. Called the Open Source Software Vulnerability Rewards Program (OSS VRP), the offering is...
Six Hackers Have Now Pocketed $1M From Bug Bounty Programs
Six hackers in total have each now pocketed more than $1 million from finding vulnerabilities in bug-bounty programs – including one from the U.S. That figure comes as more bug-bounty programs bump up their rewards due to participants finding more high-severity vulnerabilities in their platforms,...
Google Triples Some Bug Bounty Payouts
Google is upping the ante for its Chrome bug bounty rewards program, doubling payouts from $15,000 to $30,000 for “high-quality” reports. It is also tripling baseline payouts for Chrome to $15,000. The bug-bounty pay raise is part of Google’s Chromium open-source project, which supplies the vast...
HP Offers Up to $10,000 Rewards for Printer Bugs
HP launched a bug bounty program for printers Tuesday, with a max payout of $10,000 a vulnerability. The company, which has partnered with Bugcrowd to offer between $500 and $10,000 for bug discoveries, said that it marks the first-ever bug bounty program for printers. “HP has offered a way for...
Four New Normals for 2017
Let’s not talk about cybersecurity predictions for 2017. Let’s talk instead about new normals, things that have ceased to be novel because, well, they happen all the time and everywhere. Let’s concede that things such as greedy ransomware, imposing IOT botnets, high-profile bug bounties and...
flashplugin: multiple issues
CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, CVE-2016-6922, CVE-2016-6924: arbitrary code execution. Multiple memory corruption vulnerabilities that could lead to arbitrary code execution have been found...
Google's Android Rewards Program Pays Out Half Million in First Year
Google wrapped up the first year of its Android Security Rewards program this week, a span of time that saw the company pay out just north of half a million dollars to security researchers who helped identify vulnerabilities in the mobile operating system. In all, the company paid 82 researchers ...
MIT Launches Experimental Bug Bounty Program
The effectiveness of bug bounty programs is difficult to deny, especially after adoption of one at Uber, which announced last month it would begin paying $10,000 for critical bugs, and the Department of Defense, whose Hack the Pentagon illustrates the government’s softening stance on hackers. The...
Flash Uninitialized Stack Variable MPD Parsing Memory Corruption
Exploit for Windows platform in category dos / poc. Source: https://code.google.com/p/google-security-research/issues/detail?id=316&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for: https://code.google.com/p/chromium/issues/detail?id=472201 Credit is to bilou,...
Adobe Flash AS2 - textfield.filters Use-After-Free (1)
Source: https://code.google.com/p/google-security-research/issues/detail?id=330&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for: https://code.google.com/p/chromium/issues/detail?id=476926 Credit is to bilou, working with the Chromium Vulnerability Rewards...
Adobe Flash AS2 - textfield.filters Use-After-Free (2)
Source: https://code.google.com/p/google-security-research/issues/detail?id=342&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Tracking for https://code.google.com/p/chromium/issues/detail?id=480496 Credit is to bilou, working with the Chromium Vulnerability Rewards Progra...
Adobe Flash AS2 - Color.setRGB Use-After-Free
Source: https://code.google.com/p/google-security-research/issues/detail?id=367&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Deadline tracking for Chromium VRP bug https://code.google.com/p/chromium/issues/detail?id=484610 Credit is to bilou, working with the Chromium...
Adobe Flash AS2 - Color.setRGB Use-After-Free
Adobe Flash AS2 - Color.setRGB Use-After-Free Source: https://code.google.com/p/google-security-research/issues/detail?id=367&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id Deadline tracking for Chromium VRP bug https://code.google.com/p/chromium/issues/detail?id=484610...
Google Launches Android Security Rewards For Nexus Devices
Google today announced that it has expanded the scope of its vulnerability rewards program to include the latest versions of its Nexus mobile devices, dangling thousands of dollars in front of researchers willing to hunt not only for vulnerabilities but also develop bypasses for native Android...