pwnium

Google's program to pay outsiders who find Chrome security vulnerabilities is working well enough that the company has concluded it's time to add new financial rewards.

"Recently, we've seen a significant drop-off in externally reported Chromium security issues," Chrome programmer Chris Evans said in a blog post yesterday. "This signals to us that bugs are becoming harder to find, as the efforts of the wider community have made Chromium significantly stronger."

Thus, Google added a new $1,000 bonus on top of the regular incentive in three circumstances. The bonus applies if a … Read more

Less than 24 hours after Sergey Glazunov became the first person to win $60,000 for finding a full exploit in Google Chrome, the search giant has released a patch to address it.

Google announced that it had released the patch on its Chrome Releases blog yesterday. According to the post, Google plans to keep the nature of the exploit private "until a majority of our users are up to date with the fix." For now, the vulnerability is known as "Critical CVE-2011-304G: UXSS and bad history navigation."

Glazunov's "Full Chrome Exploit" was … Read more

Less than two weeks after Google launched Pwnium, a competition for hackers to find security exploits in Chrome, the search giant has announced its first winner.

Google's Sundar Pichai announced on his Google+ page yesterday that Chromium contributor Sergey Glazunov submitted the first successful entry to the Pwnium contest, revealing a "Full Chrome Exploit" that bypassed the browser's sandboxing security. The exploit makes it possible for a malicious hacker to do just about anything they want on an infected machine.

In an interview published yesterday by CNET sister site ZDNet, Justin Schuh of the Chrome security … Read more