Skip to main content

Teenaged hacker 'Pinkie Pie' awarded £37,000 for uncovering Google Chrome vulnerability

Google has awarded $60,000 (£37,000) to a teenaged hacker who uncovered a bug in the search giant's Chrome browser.

The hacker, known as Pinkie Pie, successfully exploited Chrome at Google's Pwnium 2 competition at Hack in the Box 2012 in Kuala Lumpur.

"This pwn relies on a WebKit Scalable Vector Graphics (SVG) compromise to exploit the renderer process and a second bug in the IPC layer to escape the Chrome sandbox," Chris Evans, a Google software engineer, wrote in a blog post. "Since this exploit depends entirely on bugs within Chrome to achieve code execution, it qualifies for our highest award level as a 'full Chrome exploit,' a $60,000 prize and free Chromebook."

Google said it patched the bug, which was categorised as critical, within 10 hours of Pinkie Pie's award-winning hack. An updated version of the browser has since been rolled out.

At the Pwn2Own 2012 event in March, a Russian teenager demonstrated the first zero-day exploit in Chrome and also won $60,000 as part of Google's bug bounty program. An update was released shortly thereafter.

In August, Google increased its base bug bounty offering from $1,000 to $2,000 (£620 - £1,240) after a seeing a "significant drop-off" in reported vulnerabilities in Chromium.

Since 2010, Google has rewarded more than $1 million (£620,000) to bounty hunters. In recent years, other tech companies have launched similar programs, including Facebook, PayPal, and even Etsy. Microsoft recently offered the Blue Hat prize for preventative security ideas.