Google began a competition called Pwnium last week that tasked hackers to find exploits on its Chrome Web browser. We reported how one Russian student had won $60,000 for his hack.
The Google Chrome security team posted on Chrome blog that the total payout in the last week for Pwnium is now up to $120,000. They were paid out to two submissions, one of which came from Sergey Glazunov. Google was able to roll out updates to patch these security flaws within 24 hours of being exploited.
Exploits are normally patched by a security team that has limited information in regards to how the hacker exploited their software. They are usually forced to guess how the exploit was implemented by the trail left behind by the hacker. The Pwnium contest is akin to a controlled environment where the Chrome team can see the exploit in its entirety and have time to study it before rolling out an update.
The Chrome security team also detailed a third exploit that was discovered at a different event last week. The exploit in question used a vulnerability in the Flash Player plug-in that could affect all browsers. The exploit was detailed to Adobe and their team is working on a patch that will be implemented in the near future.
Speaking of Flash Player, Google announced that they are working with Adobe to provide a version of Flash Player that will run natively inside the Chrome sandbox. The Chromebook already has this functionality.
All of this just goes to show you that there are good hackers out there. Hackers are usually painted in a bad light due to the actions of rogue agents, but the majority of them are just making the Web a safer and better place.