It
took Google less than a day to release a new version of its browser
after a critical flaw was discovered by a young hacker. Google offered
good money for discovering Chrome security holes, and one was found by a
young hacker nicknamed Pinkie Pie. As a result, he got $60,000 cash
prize and a free Chromebook.
Now the flaw has already been patched and the search giant announced a new version of Google Chrome for Windows, Mac, and Linux at their official website. The company confirmed that it was proof of the need of the hacker competition. In the post on its corporate site, Google explained that the exploit relied on a WebKit Scalable Vector Graphics compromise to exploit the renderer process and another flaw in the IPC layer to escape the browser’s sandbox.
Since the exploit in question depends only on bugs within the browser to achieve code execution, it was considered to qualify for the highest award level in the competition. Google promised a $60,000 prize and free Chromebook for discovering a “full Chrome exploit”.
The search giant has started the hacker competition as an alternative to another hacker contest, from which Google recently withdrew its sponsorship because the new rules didn’t require the disclosure of found exploits. In response, the organizers of the exploit claimed that nobody would bother to try and exploit Google Chrome if their methods had been required to be disclosed. However, the search giant disagreed and offered a prize of up $60,000 for discovering Chrome-specific exploits.
In the meantime, Google promised that the discovered vulnerabilities which didn’t relate to its browser would also be immediately reported to appropriate vendors.
Now the flaw has already been patched and the search giant announced a new version of Google Chrome for Windows, Mac, and Linux at their official website. The company confirmed that it was proof of the need of the hacker competition. In the post on its corporate site, Google explained that the exploit relied on a WebKit Scalable Vector Graphics compromise to exploit the renderer process and another flaw in the IPC layer to escape the browser’s sandbox.
Since the exploit in question depends only on bugs within the browser to achieve code execution, it was considered to qualify for the highest award level in the competition. Google promised a $60,000 prize and free Chromebook for discovering a “full Chrome exploit”.
The search giant has started the hacker competition as an alternative to another hacker contest, from which Google recently withdrew its sponsorship because the new rules didn’t require the disclosure of found exploits. In response, the organizers of the exploit claimed that nobody would bother to try and exploit Google Chrome if their methods had been required to be disclosed. However, the search giant disagreed and offered a prize of up $60,000 for discovering Chrome-specific exploits.
In the meantime, Google promised that the discovered vulnerabilities which didn’t relate to its browser would also be immediately reported to appropriate vendors.
No comments:
Post a Comment