个人荣誉

  • Top 20 Chrome VRP Researcher for 2021 (即Chrome漏洞挖掘Top 20)

Chrome

https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
[$3000][950328] High CVE-2019-5831: Incorrect map processing in V8. Reported by yngwei(JiaWei, Yin) of IIE Varas and sakura of Tecent Xuanwu Lab on 2019-04-07

https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html
[$3000][976627] High CVE-2019-5853: Memory corruption in regexp length check. Reported by yngwei(@yngweijw) of IIE Varas and sakura(@eternalsakura13) of Tecent Xuanwu Lab on 2019-06-19

https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
[$3000][1059669] High CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 on 2020-03-09

https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
[$5000][1160602] High CVE-2021-21120: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2020-12-21

https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html
[$5000][1185732] Medium CVE-2021-21207: Use after free in IndexedDB. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-03-08

https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html
[$TBD][1200766] High CVE-2021-30514: Use after free in Autofill. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-20

https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
[$7500][1195278] Medium CVE-2021-30529: Use after free in Bookmarks. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-02

https://bugs.chromium.org/p/chromium/issues/detail?id=1141256
Variables on the stack are not initialized in pp::FloatRect FloatPageRectToPixelRect

https://bugs.chromium.org/p/chromium/issues/detail?id=1156510
[$5000][1156510]Security: Use After Free in UserMediaRequest::OnMediaStreamInitialized

https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html
[$20000][1234009] High CVE-2021-30601: Use after free in Extensions API. Reported by koocola(@alo_cook) and Nan Wang(@eternalsakura13) of 360 Alpha Lab on 2021-07-28

[$20000][1233975] High CVE-2021-30606: Use after free in Blink. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28

[$20000][1233942] Medium CVE-2021-30611: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28

[$20000][1234284] Medium CVE-2021-30612: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-29

[$5000][1268738] High CVE-2021-4078: Type confusion in V8. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2021-11-09

Safari

https://support.apple.com/en-us/HT210123
CVE-2019-8583: sakura of Tencent Xuanwu Lab, and dwfault working at ADLab of Venustech

Android

https://source.android.com/security/bulletin/2021-08-01
https://source.android.google.cn/security/overview/acknowledgements
CVE-2021-0646: Nan Wang (@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360

SQLite

https://www.sqlite.org/src/info/f50af3e8a565776b
OOB memory access on a table rename
This problem was discovered and reported by sakura(@eternalsakura13) of Alpha Team, Qihoo 360

https://www.sqlite.org/cgi/src/info/23439ea582241138
Stack overflow in sqlite3_str_vappendf, caused by int overflow