This article was published on March 8, 2012

Hacker gets awarded $60k for his full exploit of Google’s Chrome browser


Google’s Chrome browser is becoming more secure as we speak, thanks to a program we talked about last week. The Chromium Security Rewards Program is sponsoring an event at the CanSecWest security conference right now, and the highest monetary reward has already been given.

Here’s what the Chrome releases team had to say about it today:

The Chrome Stable channel has been updated to 17.0.963.78 on Windows, Mac, Linux and Chrome Frame. This release fixes issues with Flash games and videos, along with the security fix listed below.

Security fixes and rewards:

Congratulations again to community member Sergey Glazunov for the first submission to Pwnium!

[Ch-ch-ch-ch-ching!!! $60,000] [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov.

While it may take a while for these security updates to get integrated into a future release of the browser, if you’re a fan of installing iterative versions of Chrome, you can get all of the details on the changelog here.

As we noted last week, Google is building a great relationship with developers through programs like this, and is also keeping nasty hacks out of the public eye. Developers must submit their security exploit directly to Google without sharing it with anyone else first. If they publicized the exploit, they wouldn’t be able to claim a prize. That’s super smart on Google’s part.

Google plans on giving up to $1M in total rewards during the event, in increments of $60k, $40k, and $20k, depending on the level of the hack. Apparently Glazunov’s was a big one, netting the Russian student a top prize in the category of “Full Chrome exploit”.
