Bug write-up for "Controlling the Google Assistant via Web Speech API" *^____^*.

My YouTube channel is now un-deprecated 🎉.Android lock screen data leak Minecraft video PoC can now be found at

RT @shhnjk: LOL, my YouTube account/channel got terminated, and all PoC videos are gone 😂.

RT @deryilz: 🔥Blog post is up! How extensions could exploit JS bindings to use webRequestBlocking prior to Chrome 118:. .

Been automating chromium security research using AI agents with codebase learning, VRP insights and research tracking tools. While the agent will remain private there's a nice tool for interfacing with chromium services now with V8 support 🥳.

Bug write-up for "Cameyo XSS" ☆*: .｡. o(≧▽≦)o .｡.:*☆.

OriginMarker (Origin dependent marker) version 1.4 chrome extension is released now with pre-set Markers for common websites strangely not given up with the extension yet.

¯\_(ツ)_/¯.

Bug write-up for "Android lock screen data leak" ╰(*°▽°*)╯.

Used an LLM to create extra themes for I noticed the base64 theme was to easy to read so there's now a emoji option which further encodes the output.

Decided to skip testing and deploy the following: the console.log now has a space :) Shortcut partitioning, a threat model I made up. added a feature to ask for permission. API just crashes 🦆.

Quack Quack Quack my legacy Minecraft mod is now open source I still don't know Java just search for "intent://" URLs. 🦆.

Generic fixed postMessage XSS on OKX cryptocurrency exchange

It appears with Gemini 2.5 pro creating an LLM wiki for chromium security research is a lot more practical. Does anyone want to collaborate on this? in return you may find a bug! Otherwise I will go back to the random post about XSS system.

Testing the new Chrome ai.summarizer API for the summarizer theme on its patched so that COOP isn't "Connection Orca Protection" but still unreliable.

Bug write-up for "Nuance Library XSS" 🦆.

My NEW favorite popunder!.

Bug write-up for "EqualWeb UXSS" I prefer Google VRP.

Bug write-up for "Google XSS part 2" :).