Risky Bulletin Risky Bulletin: Researcher scores $250,000 for Chrome bug
Aug 11, 2025
A security researcher hits the jackpot with a $250,000 reward for a Chrome vulnerability. WinRAR faces challenges with a new zero-day exploit. The dangers of the Tetra communications protocol come to light, revealing serious flaws. Meanwhile, a curious researcher gains access to Microsoft's internal network just for fun. The podcast also dives into cybersecurity scams, highlighting a $100 million scheme targeting individuals and the growing risk to elderly Americans from fraud. Ethical hackers strive to defend critical infrastructure amidst these threats.
AI Snips
Chapters
Transcript
Episode notes
High-Value Chrome Sandbox Escape
- Google paid $250,000 for a novel Chrome sandbox escape via a Mojo flaw that impersonated the privileged parent process.
- The reward ranks among Google's largest bounties and was patched within a month of reporting.
Credix DeFi Vanishes After $4.5M Hack
- The Credix DeFi platform disappeared after an attacker controlled an admin wallet and stole almost $4.5 million in assets.
- Credix deleted its social accounts and website after promising reimbursements and then going offline.
Retirees Suffer Major Scam Losses
- The FTC reports retirees lost $700 million to scams last year, a big rise since 2022.
- Scammers often impersonated the FTC and targeted older Americans seeking to protect farms.