Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM

Google is asking bug hunters and exploit writers to develop 0-day and n-day exploits in Chrome's V8 JavaScript engine and Google Cloud's Kernel-based Virtual Machine.
The exploit writers should make their exploitation attempts against a V8 version running on Google infrastructure.
In the latter case, the bug hunter is eligible to receive a reward for the discovered zero-day under the Chrome Vulnerability Reward Program, and a reward for the 0-day exploit under the v8CTF reward program - but they have to make sure the two submissions are sent from the same email address.
Google will pay $34,999 for arbitrary memory write exploits and $24,999 for arbitrary memory read exploits.
Finally, a successful denial-of-service exploit affecting the host will be rewarded with $14,999.
"KvmCTF is focused on making exploiting Kernel-based Virtual Machine vulnerabilities harder by inviting security researchers to demonstrate their exploitation techniques on 0-day and 1-day vulnerabilities on LTS kernel versions. Eventually we might add experimental mitigations to KVM that we would like to see if and how researchers can bypass them," Google says.
News URL
https://www.helpnetsecurity.com/2023/10/09/exploit-writers-google/