Security News > 2024 > July > Google now pays $250,000 for KVM zero-day vulnerabilities
Google has launched kvmCTF, a new vulnerability reward program first announced in October 2023 to improve the security of the Kernel-based Virtual Machine hypervisor that comes with $250,000 bounties for full VM escape exploits.
An active and key KVM contributor, Google developed kvmCTF as a collaborative platform to help identify and fix vulnerabilities, bolstering this vital security layer.
Unlike other vulnerability reward programs, kvmCTF focuses on zero-day vulnerabilities and will not reward exploits targeting known vulnerabilities.
"Participants will be able to reserve time slots to access the guest VM and attempt to perform a guest-to-host attack. The goal of the attack must be to exploit a zero day vulnerability in the KVM subsystem of the host kernel," said Google software engineer Marios Pomonis.
Google will receive details of discovered zero-day vulnerabilities only after upstream patches are released, ensuring the information is shared with the open-source community simultaneously.
Google patches exploited Android zero-day on Pixel devices.
News URL
Related news
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) (source)
- Google Chrome emergency update fixes 6th zero-day exploited in 2024 (source)
- Google patches third exploited Chrome zero-day in a week (source)
- Google fixes third actively exploited Chrome zero-day in a week (source)
- Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability (source)
- Google fixes third exploited Chrome zero-day in a week (CVE-2024-4947) (source)
- Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274) (source)
- Google fixes eighth actively exploited Chrome zero-day this year (source)
- Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel (source)
- Google warns of actively exploited Pixel firmware zero-day (source)