> For example, Google awarded $10,000 to a bug report which showed that extensions could read local files by screenshotting them. But there are more dangerous things than file reads.<p>I think this researcher got scammed without knowing it.<p>Google paid $10k for this bug despite billions of users using Chrome and there are plenty of brokers that will pay much more than that. (e.g. Zerodium)<p>They should have sold it as a 0day on the black market for more that $250k.