Google VRP Targets by Tier

UprootSecurity
May 2, 2024

This blog post details Google’s Vulnerability Reward Program (VRP) targets categorized by tier, highlighting the domain name, tier level, and a brief description of the application.

Tier 0 (Most Sensitive)

  • Domain: flash.android.com
  • Description: Provides updates for Android devices.
  • Domain: accounts.google.com
  • Description: Manages Google accounts, including login, security, and privacy settings.
  • Domain: console.actions.google.com
  • Description: Platform for building Assistant actions.
  • Domain: admin.google.com
  • Description: Google Workspace administration console.
  • Domain: bard.google.com
  • Description: Likely an internal domain for Google AI research (information not publicly available).
  • Domain: chrome.google.com
  • Description: Download and update the Chrome web browser.
  • Domain: chromewebstore.google.com
  • Description: Chrome Web Store for extensions and themes.
  • Domain: clients6.google.com (and other client domains)
  • Description: Likely part of Google’s internal infrastructure (information not publicly available).
  • Domains: Various cloud.google.com subdomains (console, ide, shell, ssh, etc.)
  • Description: Google Cloud Platform console and tools for managing cloud resources.
  • Domain: cloudsearch.google.com
  • Description: Enterprise search engine for Google Workspace.
  • Domain: cloudssh.developers.google.com
  • Description: Secure shell access for Google Cloud development environment.
  • Domain: console.developers.google.com
  • Description: Google Developers console for managing APIs and projects.
  • Domain: ediscovery.google.com
  • Description: Tool for electronic discovery and legal investigation (Google Workspace).
  • Domain: fi.google.com
  • Description: Google Fi mobile network service.
  • Domain: console.firebase.google.com
  • Description: Firebase console for managing app development.
  • Domain: gemini.google.com
  • Description: Internal domain for Google AI research (information not publicly available).
  • Domain: inbox.google.com
  • Description: Gmail web interface for email.
  • Domain: issuetracker.google.com
  • Description: Internal bug tracking system for Google (not publicly accessible).
  • Domain: mail.google.com
  • Description: Alternative Gmail web interface.
  • Domain: mail-settings.google.com
  • Description: Settings management for Gmail accounts.
  • Domain: meet.google.com
  • Description: Google Meet for video conferencing.
  • Domain: myaccount.google.com
  • Description: Central hub for managing Google account information.
  • Domain: passwords.google.com
  • Description: Management of passwords associated with your Google account.
  • Domain: play.google.com
  • Description: Google Play Store for apps, games, and digital content.
  • Domain: remotedesktop.google.com
  • Description: Remote access tool for Google Cloud.
  • Domain: script.google.com
  • Description: Create and share online scripts and spreadsheets.
  • Domain: takeout.google.com
  • Description: Download your Google account data.
  • Domain: vault.google.com
  • Description: Cloud-based archiving and eDiscovery for Workspace.
  • Domain: googleacquisitionmigration.com
  • Description: Likely a domain involved in Google acquisitions (information not publicly available).
  • Domains: Chromium bug tracking domains (bugs.chromium.org, etc.)
  • Description: Public bug tracker for the Chromium open-source project (used in Chrome).

Tier 1 (Highly Sensitive)

  • Domain: enexpress.app
  • Description: Purpose unknown (limited information available).
  • Domain: ci.android.com
  • Description: Likely part of Android’s continuous integration pipeline (information not publicly available).
  • Domain: ads.google.com
  • Description: Google Ads platform for online advertising.
  • Domain: adwords.google.com (deprecated)
  • Description: Legacy service for Google Ads (no longer actively developed).
  • Domains: Various baseline.google.com subdomains
  • Description: Likely internal tooling related to Google services (information not publicly available).
  • Domain: businessmessages.google.com
  • Description: Platform for businesses to communicate with customers through messaging.
  • Domain: calendar.google.com
  • Description: Google Calendar for managing appointments and scheduling.
  • Domain: chat.google.com
  • Description: Google Chat for instant messaging.
  • Domains: Various client domains (clients.google.com, etc.)
  • Description: Likely part of Google’s internal infrastructure (information not publicly available).
  • Domain: bigquery.cloud.google.com
  • Description: BigQuery, a data warehouse service for Google Cloud.
  • Domains: Various cloud.google.com subdomains (channelservices, partners, source, storage)
  • Description: Subdomains for specific Google Cloud Platform functionalities.
  • Domain: docs.google.com
  • Description: Google Docs for collaborative online document creation.
  • Domain: domains.google.com
  • Description: Domain name registration and management service by Google.
  • Domain: drive.google.com
  • Description: Google Drive for cloud storage and file access.
  • Domain: encrypted.google.com
  • Description: Likely a secure subdomain for specific Google services (information not publicly available).
  • Domain: express.google.com
  • Description: Purpose unknown (limited information available).
  • Domain: get.google.com
  • Description: Serves as a redirect for various Google products.
  • Domain: groups.google.com
  • Description: Google Groups for online discussion forums.
  • Domain: hangouts.google.com (deprecated)
  • Description: Legacy service for Google video chat (no longer actively supported).
  • Domain: home.google.com
  • Description: Google Home for smart home device management.
  • Domain: hume.google.com
  • Description: Purpose unknown (limited information available).
  • Domain: ipv6.google.com
  • Description: Subdomain related to Google’s IPv6 implementation.
  • Domain: lens.google.com
  • Description: Google Lens for image recognition and information retrieval.
  • Domain: lers.google.com
  • Description: Purpose unknown (limited information available).
  • Domain: messages.google.com
  • Description: Text messaging service for Google Fi.
  • Domain: myactivity.google.com
  • Description: Manage your Google activity history across various products.
  • Domain: notifications.google.com
  • Description: Manage notification preferences for Google products.
  • Domain: pay.google.com
  • Description: Google Pay for digital wallet transactions.
  • Domain: payments.google.com
  • Description: Payment processing platform for Google services.
  • Domain: photos.google.com
  • Description: Google Photos for cloud storage and photo management.
  • Domains: Sandbox subdomains for baseline.google.com
  • Description: Testing environments for internal Google services.
  • Domain: shopping.google.com
  • Description: Google Shopping for product search and comparison.
  • Domain: store.google.com
  • Description: Google Store for purchasing hardware devices.
  • Domain: talkgadget.google.com (deprecated)
  • Description: Legacy service for Google Talk video chat (no longer supported).
  • Domain: timeline.google.com (and related subdomains)
  • Description: Likely internal service for managing Google product usage history (information not publicly available).
  • Domain: voice.google.com
  • Description: Google Voice for voicemail and phone number management.
  • Domain: wallet.google.com (deprecated)
  • Description: Legacy service for Google Wallet (replaced by Google Pay).
  • Domain: www.google.com
  • Description: The main Google search engine website.
  • Domain: toolbox.googleapps.com
  • Description: Toolbox for managing Google Workspace applications (potentially outdated).
  • Domain: googlesource.com
  • Description: Public code repository for Google open-source projects.
  • Domains: YouTube subdomains (checkout, m, payments, studio)
  • Description: Subdomains for specific functionalities within YouTube.
  • Domain: legalretrievals.google
  • Description: Subdomain likely related to Google’s legal department (information not publicly available).
  • Domains: Area 120 subdomains (orionwifi, signals, threadit)
  • Description: Subdomains for Google’s experimental product incubator, Area 120 (information may be limited).

Google VRP Acquisition Targets by Tier

Here’s a breakdown of the Google VRP acquisition targets by tier, along with a description of the domain and the application it refers to based on information found on the internet:

Tier 0:

  • admin.pring.app, callback.pring.app, staging.callback.pring.app (pring.app)
  • api.appsheet.com, eu.appsheet.com, www.appsheet.com (AppSheet): A no-code application development platform that allows users to build mobile and web applications without coding.
  • azure.cloudsimple.com (Microsoft Azure Cloud Simple): A service by Microsoft that allows businesses to migrate and run existing workloads on Microsoft Azure.
  • help.fitbit.com, myhelp.fitbit.com (Fitbit): Help and support documentation for Fitbit wearables and fitness trackers.
  • de.looker.com, gw2-pbvpn.looker.com, keybox.looker.com, pbvpn.looker.com, rampart.looker.com (Looker): Business intelligence (BI) and data analytics platform.
  • login.mandiant.com, app.validation.mandiant.com (Mandiant): Cybersecurity firm specializing in incident response, threat intelligence, and forensics.
  • accounts.nest.com, accounts.ft.nest.com (Nest): Smart home products from Google, including thermostats, cameras, and doorbells.
  • dpcapi-admin.photomath.com, internal.photomath.com (Photomath): Math problem-solving app that uses a smartphone camera to scan and solve equations.
  • signalpath.com (SignalPath): Cloud-based communications platform offering secure messaging and file sharing.
  • service.cloudvmwareengine.google (Google Cloud VMware Engine): Service that allows running existing VMware workloads on Google Cloud Platform.
  • api.pring.jp, dev-api.pring.jp, future-api.pring.jp (pring.jp)

Tier 1:

  • argocd-dwh-eu-dev.photomath.net, argocd-dwh-us-dev.photomath.net, … (photomath.net): Subdomains likely related to Photomath’s internal infrastructure using Argo CD for deployment automation.
  • baja.photomath.net, cuvar.photomath.net, … (photomath.net): Subdomains likely related to Photomath’s internal infrastructure.
  • nodeapi-span.sproute.net, span.sproute.net (Sproute)
  • signalpath.systems (SignalPath Systems): Website of the SignalPath cloud-based communications platform.
  • app.dataform.co (Dataform): Data management platform for business intelligence.
  • passbolt.siemplify.co (Siemplify Passbolt): Password management solution offered by Siemplify.
  • apigee.com, enterprise.apigee.com, sense-ui.apigee.com (Apigee): API management platform for developers.
  • censuslooker.com (Census.gov + Looker): Integration of Looker with US Census data.
  • dropcam.com (Dropcam): Security camera company acquired by Google and integrated into Nest.
  • cloud-file-service-gcp.elastifile.com, noc.elastifile.com (Elastifile): Cloud-based file storage platform.
  • intelligence.fireeye.com (FireEye): Cybersecurity threat intelligence from FireEye.
  • accounts.fitbit.com, autodiscover.fitbit.com, … (Fitbit): Fitbit website, various subdomains for account management, device configuration, etc.
  • apigee.google.com (Apigee by Google): Apigee API management platform offered by Google Cloud.
  • looker.com, corp.looker.com, … (Looker): Looker business intelligence platform.
  • advantage.mandiant.com, api.advantage.mandiant.com, … (Mandiant Advantage): Threat intelligence platform from Mandiant.
  • md.mandiant.com, md-us.mandiant.com (Mandiant): Mandiant website and potentially a regional
