Google patches $60k Chrome hole in 10 hours
Google has fixed a hole in its Chrome browser that earned a white hat hacker $60,000 at the recent Pwnium 2 hacking contest.
The company released the fix for the vulnerability on Wednesday, around 10 hours after it was revealed at the Pwnium competition at 'Hack in the Box 2012' contest in Kuala Lumpur, Malaysia on Tuesday. The hacker — who goes by the name of 'pinkie pie' — found the vulnerability in the browser by combining two separate exploits, and netted a cool $60,000 for his discovery, as well as a free Chromebook.
"We're happy to confirm that we received a valid exploit from returning pwner, Pinkie Pie. This pwn relies on a WebKit Scalable Vector Graphics (SVG) compromise to exploit the renderer process and a second bug in the IPC layer to escape the Chrome sandbox," Chris Evans, a Chrome engineer, confirmed on the Chromium blog.