Awesome Google VRP Writeups
@gvrp_writeups
Automatically tweeting new writeups from the GitHub repository "awesome-google-vrp-writeups".
GitHub Actions
Joined April 2021
New Google VRP writeup "Hacking Gemini: A Multi-Layered Approach" for a bounty of $20,000 by @valent1nee: https://t.co/TKOOqfjoih
buganizer.cc
New Google VRP writeup "CVE-2025-12080 — Intent Abuse in Google Messages for Wear OS for Silent Message Sending" for a bounty of $??? by @Io_no__: https://t.co/IwbEXoOUSh
towerofhanoi.it
CVE-2025-12080: Google Messages on Wear OS wrongly handles ACTION_SENDTO (sms:, smsto:, mms:, mmsto:), allowing silent message sends without user confirmation.
New Google VRP writeup "The Trifecta: How Three New Gemini Vulnerabilities in Cloud Assist, Search Model, and Browsing Allowed Private Data Exfiltration" for a bounty of $??? by @terminatorLM: https://t.co/dekxofCvN1
tenable.com
Tenable Research discovered three vulnerabilities (now remediated) within Google’s Gemini AI assistant suite, which we dubbed the Gemini Trifecta. These vulnerabilities exposed users to severe...
New Google VRP writeup "Google Cloud Account Takeover via URL Parsing Confusion" for a bounty of $??? by Mohamed Benchikh: https://t.co/kGueoMdtM2
infosecwriteups.com
New Google VRP writeup "Exploiting YouTube’s Permission Model : A Privilege Escalation case" for a bounty of $500 by Prakhar0x01 (𝙶𝚑𝚘𝚜𝚝 🇮🇳):
prakhar0x01.github.io
My experience of discovering and reporting a Privilege Escalation case in YouTube Studio (sub-unit of Google). In this blog post, I’ll explain all the technical and non-technical parts of it.
New Google VRP writeup "Controlling the Google Assistant via Web Speech API (Awarded $3133.7)" for a bounty of $3,133.7 by @ndevtk: https://t.co/SUUXBwNoTI
ndevtk.github.io
When the Google Assistant is opened with a deeplink it should require manually pressing on the microphone icon to start listening per https://feed.bugs.xdavidhu.me/bugs/0011 (unless “OK Google” is...
New Google VRP writeup "Client-side RCE via CSS Injection in Google Web Designer for Windows" for a bounty of $3,500 by Bálint Magyar: https://t.co/8p0VJmUdjY
New Google VRP writeup "XSS in Google IDX Workstation" for a bounty of $22,500 by @sudhanshur705: https://t.co/16Fz5H5f0R
sudistark.github.io
Technical breakdown of an XSS vulnerability in Google IDX Workstation.
New Google VRP writeup "Exploring Eclipse IDE Attack Vectors: Unveiling Google Cloud Tools Plugin Vulnerabilities" for a bounty of $??? by Mo Sakr: https://t.co/QvIyQIJVEJ
medium.com
New Google VRP writeup "My first bug in Google Cloud: Command injection in Vertex AI" for a bounty of $3,133.7 by @valent1nee: https://t.co/IX5dHMonDB
buganizer.cc
New Google VRP writeup "Bruteforcing the phone number of any Google user" for a bounty of $5,000 by @brutecat: https://t.co/QdEqZYGstP
brutecat.com
From rate limits to no limits: How IPv6's massive address space and a crafty botguard bypass left every Google user's phone number vulnerable
New Google VRP writeup "Security Vulnerability in Google Chat's Absolute Poll Allows Unauthorized Poll Closure" for a bounty of $??? by Ahmed Nasr: https://t.co/wEAeZmePuk
medium.com
New Google VRP writeup "Project IDX Security Notes" for a bounty of $??? by @aedenmurray: https://t.co/3lSBpWPkM1
New Google VRP writeup "Client-side RCE via improper URL parsing in Google Web Designer for Windows: CVE-2025-4613" for a bounty of $8,500 by Bálint Magyar: https://t.co/VVjtPUQefO
New Google VRP writeup "Hunting for Bucket Traversals in Google's Client Libraries" for a bounty of $3,133.7 by Jakub Domeracki: https://t.co/h0QiT9B2Pi
jdomeracki.github.io
Table of Contents Preface Bucket Traversal 101 Case study TL;DR Overview Technical analysis PoC Attack scenario Diagram of a sample vulnerable application Summary
New Google VRP writeup "Two RCEs in Google Cloud products and Nike Air Max 90s" for a bounty of $10,000 by @sivaneshashok: https://t.co/QdBec2fKRU
New Google VRP writeup "Client-side RCE via symlink following in Google Web Designer for macOS/Linux: CVE-2025-1079" for a bounty of $11,250 by Bálint Magyar: https://t.co/B4cWdLec5O
New Google VRP writeup "Disclosing YouTube Creator Emails for a $20k Bounty" for a bounty of $20,000 by @brutecat: https://t.co/SVJj1Pj3HQ
brutecat.com
From creator privacy to phishing paradise: How a secret parameter could have exposed the private email addresses of monetized YouTube channels
New Google VRP writeup "Unveiling TE.0 HTTP Request Smuggling: Discovering a Critical Vulnerability in Thousands of Google Cloud Websites" for a bounty of $8,500 by @sw33tLie: https://t.co/AZqXopuW90
bugcrowd.com
We later discovered we had a powerful exploit affecting thousands of Google Cloud-hosted websites that were using their Load Balancer.
New Google VRP writeup "Sketchy Cheat Sheet - Story of a Cloud Architecture Diagramming Tool gone wrong" for a bounty of $??? by @j_domeracki: https://t.co/r90BzFprYe
jdomeracki.github.io