Security News > 2023 > June > Google triples reward for Chrome full chain exploits
Google has tripled the full reward amount for the first security bug report that includes a functional full chain exploit of its popular Chrome browser.
Six months of higher rewards for a Chrome full chain exploit.
"We're always interested in explorations of new and novel approaches to fully exploit Chrome browser and we want to provide opportunities to better incentivize this type of research," said Amy Ressler from the Chrome Security Team.
"These exploits provide us valuable insight into the potential attack vectors for exploiting Chrome, and allow us to identify strategies for better hardening specific Chrome features and ideas for future broad-scale mitigation strategies."
"The full chain exploit must result in a Chrome browser sandbox escape, with a demonstration of attacker control / code execution outside of the sandbox," said Ressler.
Exploits developed from publicly disclosed security vulnerabilities and/or found in outdated versions of Chrome are not eligible.
News URL
https://www.helpnetsecurity.com/2023/06/02/chrome-full-chain-exploit/
Related news
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) (source)
- Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel (source)
- Google Chrome's new post-quantum cryptography may break TLS connections (source)
- Google Chrome is getting native support for YouTube-like video chapters (source)
- Google fixes fifth Chrome zero-day exploited in attacks this year (source)
- Google Chrome emergency update fixes 6th zero-day exploited in 2024 (source)
- Google patches third exploited Chrome zero-day in a week (source)
- Google fixes third actively exploited Chrome zero-day in a week (source)
- Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability (source)
- Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) (source)