Pinkie Pie hacker strikes again; Google repairs two major Chrome vulnerabilities

The Chrome hacker known as “Pinkie Pie” helped reveal a serious flaw in the browser’s media handler that was patched last week with the release of Chrome 23. That update also fixed a file path handling problem, which was discovered by Google’s in-house researchers.

BROWSER BATTLE: Chrome vs. Firefox vs. IE vs. Opera

Reports from the H Online and ThreatPost indicate that Pinkie Pie received $7,331 for his work in uncovering the media handler issue. The same hacker won a further $60,000 two months ago for similar work at the Hack in the Box competition, and another prize of the same amount in March at its Pwnium event.

Larger cash rewards for bug reports, according to ThreatPost, are handed out by Google for “particularly severe or unusual bugs,” of which Pinkie Pie’s latest find was apparently one.

Also rewarded for work on Chrome 23’s security, the H Online reported, was a hacker who found a “medium”-rated vulnerability in the browser’s WebGL implementation. Discovering the problem, which centered on a heap buffer overflow, earned the unnamed researcher $3,500.

Google has not made full details of the vulnerabilities available to the public, with the official announcement stating only that the aforementioned flaws had been corrected, and that the details would be withheld until “a majority of our users are up to date with the fix.”

Chrome is known for quick vulnerability patching, thanks to its automatic updating policy that pushes fixes out in the background, without any interaction with the end user. This means that more detailed information from Google could be made public soon.

Email Jon Gold at jgold@nww.com and follow him on Twitter at @NWWJonGold.

Read more about software in Network World’s Software section.