AfterDawn: Tech news

Security researcher bags $60,000 for Chrome hack

Written by James Delahunty (Google+) @ 08 Mar 2012 14:00 User comments (3)

Security researcher bags $60,000 for Chrome hack Russian researcher gets nice payday from vulnerability he found in Chrome.
Sergey Glazunov, who is familiar with Chrome bug hunting, uncovered a remote code execution vulnerability in Google's Chrome web browser. He demonstrated how he could use this vulnerability to escape the Chrome sandbox and run unauthorized code on a full-patched Windows 7 system.

His award comes as part of the Google Pwnium competition. The search giant has put $1,000,000 on the line for breaches of its browser's security.

"Congrats to long-time Chromium contributor Sergey Glazunov who just submitted our first Pwnium entry. Looks like it qualifies as a ?Full Chrome? exploit, qualifying for a $60k reward. We?re working fast on a fix that we?ll push via auto-update. This is exciting; we launched Pwnium this year to encourage the security community to submit exploits for us to help make the web safer. We look forward to any additional submissions to make Chrome even stronger for our users."
- Sundar Pichai, a senior vice-president at Google

As time of writing, the remaining prize fund is $940,000. The Pwmium webpage reports that there have been two successful exploits of Chrome, the other being the reported VUPEN breach of the browser at this year's Pwn2Own contest. The vulnerability used by Glazunov is reported to already be patched, though of course, Google has no idea what VUPEN did to break its browser security.

Previous Next  

3 user comments

18.3.2012 14:40

well done

28.3.2012 19:01

I thought they offered a million dollars?

39.3.2012 4:30

Originally posted by nbfreak2:
I thought they offered a million dollars?
there is a Million Dollar prize fund, which means much like the Lottery the prize is split between multiple winners

Comments have been disabled for this article.

News archive