Google hands out $60,000 bounty to Chrome bug hunter
Hacker scores big with third Chrome exploit discovery this year
Google has rewarded a hacker $60,000 for discovering a Chrome exploit during its second Pwnium hacking competition.
A teenage hacker codenamed "Pinkie Pie" discovered the exploit during Google's hacking competition at the Hack in the Box 2012 convention in Kuala Lumpur, Malaysia.
"[Pinkie Pie's] pwn relies on a WebKit Scalable Vector Graphics (SVG) compromise to exploit the renderer process and a second bug in the IPC layer to escape the Chrome sandbox," said Google software engineer Chris Evans in a blog post.
"Since this exploit depends entirely on bugs within Chrome to achieve code execution, it qualifies for our highest award level as a "full Chrome exploit," a $60,000 prize and free Chromebook."
This marks Pinkie Pie's second major Chrome exploit discovery this year. The young hacker found two other exploits that allowed for full remote code execution in Chrome last March.
Pinkie Pie reportedly goes by an alias because his employer forbids him from taking part in hacking competitions, according to a Wired article from earlier this year. The teenage hacker reportedly uses the handle of Pinkie Pie as a reference to a character from the animated TV show My Little Pony.
Following the hacker's discovery Google was able to patch the exploit. The patch was reportedly deployed within 10 hours of the bugs' discovery.
"One of Chrome's most effective security defences is our fast response time and ability to update users with critical patches, quickly. These bugs were no exception," Evans wrote.
"We started analysing the exploit as soon as it was submitted, and in fewer than 10 hours after Pwnium 2 concluded we were updating users with a freshly patched version of Chrome."
Pwnium is a Google sponsored hacking competition for its Chrome web browser. The company offers cash prizes of $60,000, $40,000, and $20,000 to any hacker that discover a verifiable exploit for Chrome.
V3 Latest
First plant to grow on the Moon, err, dies
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite news and updates: Fortnite made $2.4bn in 2018, according to SuperData
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Japanese firm sends micro-satellites into space to deliver artificial meteor showers on demand
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago