How to Find Chrome Security Bugs for Fun and Profit


Chrome is a web browser. Web browsers fetch arbitrary untrusted content and code from any website you visit, and promise to run it safely, on your most precious device, keeping it locked away from all your private data. How do we do that? What happens when we get it wrong? And how can you get paid for spotting our mistakes? We’ll talk through the Chrome security model and our Vulnerability Rewards Program where you can get a bounty for finding and reporting a security bug. We’ll talk about some of the techniques to find such bugs, and what we like to see in good security bug reports.


Adrian Taylor is a Technical Program Manager in Chrome security, primarily responsible for shipping our security bug fixes and ensuring each new Chrome feature gets a thorough security review. He’s also involved in efforts to solve whole classes of bugs, e.g. memory safety. He lives in Saratoga but spends as much time as possible up in the hills mountain biking.

Time and Location

March 16, 2021 at 1:30PM

ZOOM link: