Hacker gets awarded $60k for his full exploit of Google’s Chrome browser

Hacker gets awarded $60k for his full exploit of Google’s Chrome browser

Google’s Chrome browser is becoming more secure as we speak, thanks to a program we talked about last week. The Chromium Security Rewards Program is sponsoring an event at the CanSecWest security conference right now, and the highest monetary reward has already been given.

Here’s what the Chrome releases team had to say about it today:

The Chrome Stable channel has been updated to 17.0.963.78 on Windows, Mac, Linux and Chrome Frame. This release fixes issues with Flash games and videos, along with the security fix listed below.

Security fixes and rewards:

Congratulations again to community member Sergey Glaznov for the first submission to Pwnium!

[Ch-ch-ch-ch-ching!!! $60,000] [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov.

While it may take a while for these security updates to get integrated into a future release of the browser, if you’re a fan of installing iterative versions of Chrome, you can get all of the details on the changelog here.

As we noted last week, Google is building a great relationship with developers by having programs like this, and also keeps nasty hacks out of the public eye. Developers must submit their security exploit directly to Google without sharing it with anyone else first. If they publicized the exploit, they wouldn’t be able to claim a prize. That’s super smart on Google’s part.

Google plans on giving up to $1M in total rewards during the event, in increments of $60k, $40k, and $20k, depending on the level of the hack. Apparently Glazunov’s was a big one, netting the Russian student a top prize in the category of “Full Chrome exploit”.

Read next: The power of a Paul Graham intro: Sequoia pumps $10m into concerts site Songkick

Corona coverage

Read our daily coverage on how the tech industry is responding to the coronavirus and subscribe to our weekly newsletter Coronavirus in Context.

For tips and tricks on working remotely, check out our Growth Quarters articles here or follow us on Twitter.