Proving that Google will pursue just about any opportunity to shore up vulnerabilities in their platforms, the search giant paid out $60,000 to the hacker known as “Pinkie Pie” who successfully exploited Google’s Chrome browser at “Pwnium 2” at the Hack in the Box 2012 event in Kuala Lumpur, Malaysia.
Pinkie Pie was able to exploit and attack against two vulnerabilities in the browser. The first was related to the browser’s WebKit Scalable Vector Graphics functions which allowed him to compromise the renderer process. The second was a bug in the IPC layer.
The image displayed on a compromised computer after it was successfully hacked by Pinkie Pie during the first Pwnium competition in March. Image from Ars Technica.
Because these exploitations were rooted entirely on vulnerabilities within the Chrome browser, it qualified for Google’s highest award as a “full Chrome exploit” worth $60,000 and a free Chrombook. More impressive than the payout, was Google’s response to the vulnerabilities. A crack team of engineers coded a patch and the company claims it deployed the fix across its platforms in less than 10 hours after Pwnium 2 was concluded. That is light-speed compared to bug and security fixes reaching other browsers like Internet Explorer, Firefox and Safari.
sources: The Chromium Blog
, Ars Technica