Feel free to guess whose decision it was to roll the fix into a major release and leave lots of users vulnerable instead of pushing out new versions of browser extensions to users on all versions.
@WPalant No idea what kind of ToS or other agreement you signed, but anything more than 90 days is pretty suspect.
They're just dragging their heels at this point.
@varx Public bug bounty program, so nothing special - only the usual HackerOne rules: https://www.hackerone.com/disclosure-guidelines. These aren't exactly clear on timelines and such but I don't think that Kaspersky has any leverage if I decide to disclose at this point. If anything, they might complain to HackerOne about it, and I'm unsure where they will stand. Worst-case scenario - I will be banned from the platform, which isn't something I care too much about at this point.