个人荣誉

  • Top 20 Chrome VRP Researcher for 2021 (即Chrome漏洞挖掘Top 20)
  • #64 Nan Wang, Facebook Researcher for 2021

Chrome

https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
[$3000][950328] High CVE-2019-5831: Incorrect map processing in V8. Reported by yngwei(JiaWei, Yin) of IIE Varas and sakura of Tecent Xuanwu Lab on 2019-04-07

https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html
[$3000][976627] High CVE-2019-5853: Memory corruption in regexp length check. Reported by yngwei(@yngweijw) of IIE Varas and sakura(@eternalsakura13) of Tecent Xuanwu Lab on 2019-06-19

https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_7.html
[$3000][1059669] High CVE-2020-6455: Out of bounds read in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360 on 2020-03-09

https://chromereleases.googleblog.com/2021/01/stable-channel-update-for-desktop_19.html
[$5000][1160602] High CVE-2021-21120: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2020-12-21

https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html
[$5000][1185732] Medium CVE-2021-21207: Use after free in IndexedDB. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-03-08

https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop.html
[$TBD][1200766] High CVE-2021-30514: Use after free in Autofill. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-20

https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
[$7500][1195278] Medium CVE-2021-30529: Use after free in Bookmarks. Reported by koocola (@alo_cook) and Nan Wang (@eternalsakura13) of 360 Alpha Lab on 2021-04-02

https://bugs.chromium.org/p/chromium/issues/detail?id=1141256
Variables on the stack are not initialized in pp::FloatRect FloatPageRectToPixelRect

https://bugs.chromium.org/p/chromium/issues/detail?id=1156510
[$5000][1156510]Security: Use After Free in UserMediaRequest::OnMediaStreamInitialized

https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop.html
[$20000][1234009] High CVE-2021-30601: Use after free in Extensions API. Reported by koocola(@alo_cook) and Nan Wang(@eternalsakura13) of 360 Alpha Lab on 2021-07-28

https://chromereleases.googleblog.com/2021/08/stable-channel-update-for-desktop_31.html
[$20000][1233975] High CVE-2021-30606: Use after free in Blink. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28

[$20000][1233942] Medium CVE-2021-30611: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-28

[$20000][1234284] Medium CVE-2021-30612: Use after free in WebRTC. Reported by Nan Wang (@eternalsakura13) and koocola (@alo_cook) of 360 Alpha Lab on 2021-07-29

https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
[$5000][1268738] High CVE-2021-4078: Type confusion in V8. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2021-11-09

https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html
[$7000][1310717] High CVE-2022-1311: Use after free in Chrome OS shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-03-28

https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
[$3000][1323239] High CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06

[$TBD][1323236] Medium CVE-2022-1870: Use after free in App Service. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06

https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html
[$20000][1327312] High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-19

https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html
[$10000][1335316] High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-10

[$5000][1330489] High CVE-2022-2606: Use after free in Managed devices API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-31

[$2000][1337304] Medium CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-17

Safari

https://support.apple.com/en-us/HT210123
CVE-2019-8583: sakura of Tencent Xuanwu Lab, and dwfault working at ADLab of Venustech

Android

https://source.android.com/security/bulletin/2021-08-01
https://source.android.google.cn/security/overview/acknowledgements
CVE-2021-0646: Nan Wang (@eternalsakura13) and Guang Gong of Alpha Lab, Qihoo 360

SQLite

https://www.sqlite.org/src/info/f50af3e8a565776b
OOB memory access on a table rename, reported by sakura(@eternalsakura13) of Alpha Team, Qihoo 360

https://www.sqlite.org/cgi/src/info/23439ea582241138
Stack overflow in sqlite3_str_vappendf, caused by int overflow

Facebook

https://www.facebook.com/whitehat/thanks

https://www.facebook.com/security/advisories/cve-2021-24044
CVE-2021-24044: Type Confusion in hermes::vm::Interpreter::interpretFunction

https://www.facebook.com/security/advisories/cve-2021-24045
CVE-2021-24045: Type Confusion in “typeof” unary operator

https://hhvm.com/blog/2022/03/29/security-update.html
CVE-2022-27809, HHVM incorrect integer conversion in array_fill leads to uninitialized variable reference

CVE-2022-27810: stack-overflow in hermes::vm::JSProxy::getNamed

CVE-2022-36762: Type Confusion in hermes::vm::HadesGC