50k or 100k would be far more appropriate given the severity of this issue. But overall, this makes me think there's probably a lot more vulnerabilities in Arc that are undiscovered/unpatched.
Also, there's the whole notion of every URL you visit being sent to Firebase -- were these logged? Awful for a browser.
Ya this is fair! Honestly this was our first bounty ever awarded and we could have been more thoughtful. We’re currently setting up a proper program and based on that rubric will adjust accordingly.
radicaldreamer|1 year ago
Also, there's the whole notion of every URL you visit being sent to Firebase -- were these logged? Awful for a browser.
unknown|1 year ago
[deleted]
ha470|1 year ago
ARandomerDude|1 year ago
That’s corporate speak for “no, we won’t pay the researcher any more money.”
karlzt|1 year ago