Teenaged Hacker Wins Second $60k Prize For Chrome Exploit
redOrbit Staff & Wire Reports – Your Universe Online
Google awarded a $60,000 prize on Wednesday to a security researcher that cracked the Chrome browser during the company’s second Pwnium competition during the Hack in the Box 2012 conference in Kuala Lumpur.
The teen researcher, who goes by the nickname “Pinkie Pie,” is a second-time winner of the contest, having been awarded a previous $60,000 prize in March for subverting the Chrome browser.
“We’re happy to confirm that we received a valid exploit from returning pwner, Pinkie Pie. This pwn relies on a WebKit Scalable Vector Graphics (SVG) compromise to exploit the renderer process and a second bug in the IPC layer to escape the Chrome sandbox,” wrote Google software engineer Chris Evans in a blog post.
Google has reserved $2 million in prize money for hackers who discover security vulnerabilities in the Chrome web browser, with $60,000 set aside for those who find “full Chrome exploits.”
“Since this exploit depends entirely on bugs within Chrome to achieve code execution, it qualifies for our highest award level as a “full Chrome exploit,” a $60,000 prize and free Chromebook,” Evans wrote.
Google has already paid out $400,000 in awards this year to security researchers who have reported vulnerabilities in Chrome.
“We’re delighted at the success of Pwnium 2, and anticipate additional hardening and future improvements to Chrome as a result of the competition,” the company said.
Google has already issued a Chrome security update, which will be automatically downloaded and applied on all Windows, Mac and Linux machines equipped with the browser, to fix Pinkie Pie’s newly discovered vulnerabilities.
Pinkie Pie’s real name is being kept anonymous because his employer does not authorize his activity, Wired reported in March. The nickname “Pinkie Pie” refers to one of the main characters in the cartoon series My Little Pony.