Security News > 2023 > June > Google triples rewards for Chrome sandbox escape chain exploits
Google announced today that bug bounty hunters who report sandbox escape chain exploits targeting its Chrome web browser are now eligible for triple the standard reward until December 1st, 2023.
"The full chain exploit must result in a Chrome browser sandbox escape, with a demonstration of attacker control / code execution outside of the sandbox. The exploit scenario must be fully remote and the exploit able to be used by a remote attacker," Google explains.
"Eligible full chain exploits must work against Extended Stable, Stable, or Beta releases of Chrome at the time of the initial bug reports. If the exploit is provided after the bug is resolved, it is only required to work against production versions of Chrome shipping at the time of the original report."
Subsequent full-chain exploits submitted through the Chrome VRP will also get a significant bonus that will double the regular reward.
"These exploits provide us valuable insight into the potential attack vectors for exploiting Chrome, and allow us to identify strategies for better hardening specific Chrome features and ideas for future broad-scale mitigation strategies," said Amy Ressler, a Chrome Security Team Senior Technical Program Manager.
Last year alone, Google paid $12 million, with a record-breaking $605,000 reward to gzobqq for a series of five security bugs part of an Android exploit chain.
News URL
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- Google to let businesses create curated Chrome Web Stores for extensions (source)
- How to enable Safe Browsing in Google Chrome on Android (source)
- New tool bypasses Google Chrome’s new cookie encryption system (source)
- Google says “Enhanced protection” feature in Chrome now uses AI (source)