𝕷𝖊𝖊𝖈𝖗𝖆𝖘𝖔 @leecraso - Twitter Profile

over 3 years ago

Glad to be here again, #1 this year. Thanks to everyone, and still the same as I said last year, the Chrome team and the VRP team are indeed excellent teams.

Google VRP (Google Bug Hunters)

@GoogleVRP

over 3 years ago

📯As we wrap up 2022, the Chrome VRP is pleased to announce the top Chrome VRP Researchers of 2022. Congratulations and great work! Thank you for all your contributions and efforts over this past year & helping us make Chrome Browser and Chrome OS more secure for all users!

GoogleVRP's tweet photo. 📯As we wrap up 2022, the Chrome VRP is pleased to announce the top Chrome VRP Researchers of 2022. Congratulations and great work!
Thank you for all your contributions and efforts over this past year & helping us make Chrome Browser and Chrome OS more secure for all users! https://t.co/TVYmU2B90l

1

130

25

11

87K

3

39

0

2

10K

𝕷𝖊𝖊𝖈𝖗𝖆𝖘𝖔 @leecraso

almost 4 years ago

A sad story, waiting for the pre-recorded video.🐰

Jr @__R0ng

almost 4 years ago

My virtual session at BlackHat has been canceled halfway (due to connecting issue I think?) 😔 I wonder if it's just me or such things may happen in other session

6

11

0

1

0

leecraso retweeted

Project Zero Bugs @ProjectZeroBugs

over 4 years ago

Chrome: State tracking issue in RenderFrameHostImpl leading to UaF https://t.co/VIOEdD1qsG

0

44

8

5

0

leecraso retweeted

Chromium Disclosed Security Bugs @BugsChromium

over 4 years ago

Security: heap-use-after-free in content::RenderFrameHostImpl::delegate https://t.co/rYDGWpRDqd

0

12

3

0

Who to follow

sakura

@eternalsakura13

Lead Security Researcher @zellic_io. Top 3 Chrome VRP. Top 2 Facebook Whitehat. MSRC MVRs 9th. BlackHat Asia/USA & Zer0Con & OffensiveCon speaker.

starlabs

@starlabs_sg

A Singapore company that discovers vulnerabilities to help customers mitigate the risks of cyber attacks. Organisers of @offbyoneconf

POC_Crew

@POC_Crew

Organizer of Zer0Con, MOSEC and #POC2026 (https://t.co/6pIiBKhgxm)

𝕷𝖊𝖊𝖈𝖗𝖆𝖘𝖔 @leecraso

over 4 years ago

@cengaver @GoogleVRP thanks😃

0

2

0

𝕷𝖊𝖊𝖈𝖗𝖆𝖘𝖔 @leecraso

over 4 years ago

Honored to be #0. Special thanks to the VRP team and the Chrome team for their assistance in the past year, they are indeed excellent teams.

Google VRP (Google Bug Hunters)

@GoogleVRP

over 4 years ago

As we are wrapping up 2021, the Chrome VRP is pleased to announce the Top 20 Chrome VRP Researchers for this year. Congratulations and great work! Thank you for your contributions and efforts over this past year in helping us make Chrome Browser and Chrome OS safe for all users!

GoogleVRP's tweet photo. As we are wrapping up 2021, the Chrome VRP is pleased to announce the Top 20 Chrome VRP Researchers for this year. Congratulations and great work!
Thank you for your contributions and efforts over this past year in helping us make Chrome Browser and Chrome OS safe for all users! https://t.co/tQnnMHSTeB

5

277

45

15

0

9

94

3

2

0

𝕷𝖊𝖊𝖈𝖗𝖆𝖘𝖔 @leecraso

over 4 years ago

@hackyzh @GoogleVRP 他们原则上只认少量用户交互的。大量用户交互或者webui的一般就取决于具体的审洞人怎么看了。我感觉最近公开的好多需要大量交互或者特别苛刻的条件竞争都不该被认的，但他们也都认了，所以这种完全取决于审洞人心情🤣

1

0

𝕷𝖊𝖊𝖈𝖗𝖆𝖘𝖔 @leecraso

over 4 years ago

@_3ndy1 Your avatar is so 456

1

0

leecraso retweeted

Samuel Groß @5aelo

over 4 years ago

This week we are starting an experiment that enables V8's Virtual Memory Cage in Chrome on Desktop (currently only on Dev + Canary channels, then Beta and finally Stable). Here is how that'll work:

3

248

64

31

0

leecraso retweeted

Black Hat

@BlackHatEvents

almost 5 years ago

All videos from #BHUSA 2021 are now live on our YouTube channel. Check them out here! - https://t.co/297roa9Mgb

1

58

26

7

0

𝕷𝖊𝖊𝖈𝖗𝖆𝖘𝖔 @leecraso

almost 5 years ago

@uromise @oooverflow Great romise😍

1

0

leecraso retweeted

Samuel Groß @5aelo

almost 5 years ago

Designing a sandbox for V8: https://t.co/YwEWLxXpoF

3

388

124

67

0

leecraso retweeted

RET2 Systems @ret2systems

about 5 years ago

Check out how we used 32gb of RAM to exploit a zero-day WebAssembly Vulnerability (CVE-2021-30734) in Apple Safari / JavaScriptCore at #Pwn2Own in 2021: https://t.co/CCcc5RVugk

3

358

140

31

0

leecraso retweeted

SorryMybad @S0rryMybad

about 5 years ago

I suggest v8 dev consider to refactor part of the typer system. It seems like hard to kill all typer bugs and system is very friendly for exploitation. I've thought about it and have some ideas. Welcome everyone to discuss.@v8js

S0rryMybad's tweet photo. I suggest v8 dev consider to refactor part of the typer system. It seems like hard to kill all typer bugs and system is very friendly for exploitation. I've thought about it and have some ideas. Welcome everyone to discuss.@v8js https://t.co/eF7HkoIURJ

1

66

6

0

𝕷𝖊𝖊𝖈𝖗𝖆𝖘𝖔 @leecraso

about 5 years ago

SorryMyReal0Day

SorryMybad @S0rryMybad

about 5 years ago

The REAL 0 day: Tested On Canary Version

4

94

3

5

0

3

0

𝕷𝖊𝖊𝖈𝖗𝖆𝖘𝖔 @leecraso

about 5 years ago

@S0rryMybad @guhe120 can't agree more

0

1

0

𝕷𝖊𝖊𝖈𝖗𝖆𝖘𝖔 @leecraso

about 5 years ago

@Ox9A82 gangster!

0

leecraso retweeted

stephen @_tsuro

over 5 years ago

I made a website: https://t.co/4KJAv1BOzY

10

926

283

121

0

leecraso retweeted

Man Yue Mo @mmolgtm

over 5 years ago

In this series of posts I'll exploit 3 bugs that I reported last year. Together they can form a full chain from Chrome beta v86 to the Android kernel. The first post is about exploiting a UAF in the kernel reachable from the App sandbox: https://t.co/A7RIzV3RoF

2

346

124

61

0

𝕷𝖊𝖊𝖈𝖗𝖆𝖘𝖔

@leecraso

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users