Google its Pwnium 2 competition at Hack in the Box 2012, offered up a total of $2 million for Chrome security holes.
Only one was found, by a young hacker who goes by the handle “Pinkie Pie”, and this won him a $60,000 cash prize and a free Chromebook.
Today the flaw was patched and Google announced a new version of Chrome for Windows, Mac, and Linux. The latest release can be downloaded directly from google.com/chrome.
Google said that it was proof of the need of the Pwnium competition.
Writing in the Google bog, the search engine said that the exploit relies on a WebKit Scalable Vector Graphics compromise to exploit the renderer process and a second bug in the IPC layer to escape the Chrome sandbox.
The exploit depends entirely on bugs within Chrome to achieve code execution, it qualifies for the highest award level as a “full Chrome exploit,” a $60,000 prize and free Chromebook.
Google launched the Pwnium competition as an alternative to the Pwn2own contest, from which it withdrew its sponsorship this year because the 2012 rules did not require full disclosure of exploits from winners.
Pwn2Own claimed that no hackers would attempt to exploit Chrome if their methods had to be disclosed, but Google disagreed and offered up $60,000 for Chrome-specific exploits.
Google also promised that non-Chrome vulnerabilities used would be immediately reported to the appropriate vendor.