Zerodium or BBP for Chrome 0day – Digitalmunition

Home Forums Zerodium or BBP for Chrome 0day

This topic contains 1 reply, has 2 voices, and was last updated by  tweedge 1 month, 1 week ago.

  • Author
  • #295150


    I have discovered a Chrome RCE (though it is 1click)

    Zerodium say they pay for this type of submission. Up to $500k (but probably lower because it is a 1click).

    Would I get more money with Zerodium or Google BBP?

  • #295151


    First – congrats on the find!

    If you want to make money, sell it to the offensive industry (Zerodium or any other market buyer). If you want recognition & to promote security for all, give it to Google BBP.

    I know you know it’s lower but be prepared for the $500k to drop pretty hard. It’s a good find, but Zerodium won’t pay you nearly $500k – depending on where you’re executing I’d expect between $50k (sandbox escape) and $15k (in sandbox). Just to ballpark based on 30-50% higher than Google’s rates, which I believe is reasonable for a 1click.

    What each is worth is up to you – personally, I’d go with Google, but that’s because I want recognition and job advancement more than I want short term cash. Your situation is yours alone & I’m not here to judge 🙂

You must be logged in to reply to this topic.