The company had put $1,000,000 on the line for successful hacks against the Chrome web browser. For a full hack of Chrome, escaping the Sandbox by exploiting Chrome code and gaining control over a fully patched system, Google offered $60,000, while offering lesser amounts for other breaches.
Chrome had been successfully compromised during the week by Russian researcher Sergey Glazunov. On Friday, it was compromised for a second time by a teen hacker identifying only as PinkiePie.
He said he had worked for the past week and half on perfecting his attack, in which he used three previously unknown vulnerabilities to gain full access to a Dell Inspiron laptop running a patched Windows 7 operating system. All three vulnerabilities lay in code native to Google Chrome and therefore he qualified for a $60,000 pay day.
Google has already patched against both attacks shown at Pwnium.
"Congratulations to PinkiePie (aka PwniePie) for a beautiful piece of work to close out the Pwnium competition!" an advisory accompanying the update for Windows, Mac, and Linux versions of Chrome stated.
A third hack of Google Chrome was reported this week from Pwn2Own too, although it likely exploited Adobe Flash instead of native Chrome code.
Written by: James Delahunty @ 11 Mar 2012 10:47
