Updated: A teenage hacker has launched a successful full exploit against Google Chrome at the HackInTheBox conference in Malaysia.
The exploit, now confirmed by Google’s US headquarters, earned the teenage hacker known as Pinkie Pie the top US$60,000 cash reward during Google’s Pwnium 2 event yesterday afternoon.
Google engineer Chris Evans said the attack targeted two vulnerabilities. One exploited the Scalable Vector Graphics function in Chrome's WebKit that led to compromise of the rendering process. The second bug affected the IPC layer to escape the Chrome sandbox.
It took Google only 10 hours to release a patch for the holes.
The company will give away up to a total of US$2 million during the event.
It will be the second time Pinkie Pie has scored the lucrative top prize. In March this year he strung together six vulnerabilities to escape the Chrome sandbox during the CanSecWest Pwnium event.
That exploit was done on an updated Windows 7 64bit machine and only required normal user web browsing.
Google dedicates three teams to exploits uncovered during Pwnium and can have a patch ready within 24 hours.
It formed Pwnium after pulling out of the pwn2own competition which did not require entrants to reveal information on their exploits.
Copyright © SC Magazine, Australia
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.