Pinkie Pie hacker strikes again; Google repairs two major Chrome vulnerabilities
L33tdawg: Video of Chris Evan's talk at #HITB2012KUL on Element 31337 in the Periodic Table: Pwnium, is available on YouTube and covers details of Pinkie Pie's epic $60k exploit from the event and details of past winners and submissions. Well worth watching.
The Chrome hacker known as "Pinkie Pie" helped reveal a serious flaw in the browser's media handler that was patched last week with the release of Chrome 23. That update also fixed a file path handling problem, which was discovered by Google's in-house researchers.
Reports from the H Online and ThreatPost indicate that Pinkie Pie received $7,331 for his work in uncovering the media handler issue. The same hacker won a further $60,000 two months ago for similar work at the Hack in the Box competition, and another prize of the same amount in March at its Pwnium event.
Larger cash rewards for bug reports, according to ThreatPost, are handed out by Google for "particularly severe or unusual bugs," of which Pinkie Pie's latest find was apparently one. Also rewarded for work on Chrome 23's security, the H Online reported, was a hacker who found a "medium"-rated vulnerability in the browser's WebGL implementation. Discovering the problem, which centered on a heap buffer overflow, earned the unnamed researcher $3,500.