Teenage hacker gets $60,000 for reporting a security flaw in Google Chrome as a prize money from Google. Hacker named Pinkie Pie has won the prize money by producing the first Chrome vulnerability at the Hack in the Box conference on Wednesday.
The vulnerability was first checked by the Google team to verify and confirm. The exploit was discovered and successfully tested just before the event was completed. More details have been posted on Google Chrome Blog
According to the blog post, the hack involves the following exploit:
[$60,000] Critical CVE-2011-2358: SVG use-after-free and IPC arbitrary file write. Credit to Pinkie Pie.
Google has set aside $2 million in prize money for hackers who find security vulnerabilities in its Chrome web browser, with $60,000 being reserved for those who find “full Chrome exploits.” $50,000 which is offered for partial exploits, and $40,000 for non-Chrome exploits – that is, other bugs found in Flash, Windows, or a driver that are not necessarily specific to Chrome, but could cause issues for users.
Google has been offering cash rewards for those discovering security vulnerabilities and other bugs for some time. In March 2010, for example, the company began offering bounties for bugs found in the open-source browser Chromium (Chrome’s code base), which started at $500 and went up to $1,337 .Google said in February that it would awards those latter prizes because it also served the company’s overall mission of “making the entire web safer.”
This is the second time “Pinkie Pie” has earned the top prize. In March, the hacker also earned $60,000 in the first “Pwnium competition” (as the event is called) by stringing together six vulnerabilities in order to break out of Chrome’s sandbox.
In case you’re curious, the teenage hacker is only identified by his handle “Pinkie Pie” because his employer doesn’t authorize his activity, noted Wired in March. (And yes, “Pinkie Pie” refers to the My Little Pony TV show, which has quite the following on Reddit).