Beta

Report a vulnerability

Found a security issue? Let us know privately and we'll take it seriously.

We take security seriously at Strawberry. If you discover a vulnerability, please report it responsibly by submitting the form below or emailing security@strawberrybrowser.com. We aim to acknowledge reports within 3 business days and provide a resolution timeline within 7 business days.

Guidelines

In scope

We are interested in vulnerabilities that affect the security of our users, including but not limited to:

  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • SQL injection
  • Authentication or authorization bypass
  • Remote code execution
  • Sensitive data exposure
  • Electron security misconfigurations (nodeIntegration, IPC abuse, preload injection)

Out of scope

The following are generally not considered security vulnerabilities:

  • Denial of service attacks
  • Social engineering or phishing
  • Physical attacks or attacks requiring physical access to a device
  • Vulnerabilities in third-party services (Supabase, Stripe, etc.)
  • Issues without a clear security impact

Submit a report

Severity

Describe the vulnerability and steps to reproduce

Disclosure policy

Please give us reasonable time to patch before public disclosure. We reward significant findings at our discretion. We'll credit researchers in any published advisory unless you prefer to remain anonymous.