Subscribe to the InfoTech eNewsletter

infoTECH Feature

October 12, 2012

Teenage Hacker Wins Second Prize for Finding Security Flaw in Chrome Browser

A teenage hacker won $60,000 from Google (News - Alert) after finding a security flaw in the Chrome browser.

The hacker was only identified as Pinkie Pie, and won the money in a hacking competition called Pwnium 2. It was part of the “Hack in the Box (News - Alert) 2012” event.

“Congratulations to Pinkie Pie, returning to the fray with another beautiful piece of work!” Google Chrome engineer Jason Kersey announced in a blog post.

The security breach was identified during a hacker conference in Kuala Lumpur, Malaysia.

Pinkie Pie won a similar $60,000 prize in March from Google.

Kersey added he was “delighted at the success” of the hacker conference and predicts further improvements to the browser.

Google engineer Chris Evans reported that Chrome fixed the bug in less than 10 hours on Wednesday after the teen discovered them, according to The New York Daily News.

The bug let the hacker “escape the sandbox and execute code on a machine,” according to ZDNet. The hacker found the bug “by combining two separate exploits,” the source added.

"We're happy to confirm that we received a valid exploit from returning pwner, Pinkie Pie. This pwn relies on a WebKit Scalable Vector Graphics (SVG) compromise to exploit the renderer process and a second bug in the IPC (News - Alert) layer to escape the Chrome sandbox," Evans was quoted by ZDNet.

"Since this exploit depends entirely on bugs within Chrome to achieve code execution, it qualifies for our highest award level as a full Chrome exploit," he added.

Google started the "Chromium Security Rewards Program" in 2010. The company first gave small amounts of money as a reward for outsiders who found security vulnerabilities in the Chrome browser. In February, the "Pwnium" contest was introduced by Google, which offered larger cash awards.

Pinkie Pie was one of two hackers who won a $60,000 reward at the earlier event, according to CNN Money.

“We’re happy to make the Web safer by any means – even rewarding vulnerabilities outside of our immediate control,” Google said in a recent blog post.

Google was able to make improvements based on the earlier event. “We were able to make Chromium significantly stronger based on what we learned,” Google said in the blog post.

In a related matter, October is observed as National Cyber Security Awareness Month (NCSAM). It encourages businesses, schools, consumers, government agencies, and the general public to become more aware of cyber security, TMCnet said. Hacking is one of the security threats addressed during the observance.

Edited by Braden Becker

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers