Announcing the Chrome Browser Full Chain Exploit Bonus

For 13 years, a key pillar of the Chrome Security ecosystem has included encouraging security researchers to find security vulnerabilities in Chrome browser and report them to us, through the Chrome Vulnerability Rewards Program.

Starting today and until 1 December 2023, the first security bug report we receive with a functional full chain exploit, resulting in a Chrome sandbox escape, is eligible for triple the full reward amount. Your full chain exploit could result in a reward up to $180,000 (potentially more with other bonuses).

Any subsequent full chains submitted during this time are eligible for double the full reward amount!

We’ve historically put a premium on reports with exploits – “high quality reports with a functional exploit” is the highest tier of reward amounts in our Vulnerability Rewards Program. Over time, the threat model of Chrome browser has evolved as features have matured and new features and new mitigations, such as MiraclePtr, have been introduced. Given these evolutions, we’re always interested in explorations of new and novel approaches to fully exploit Chrome browser and we want to provide opportunities to better incentivize this type of research. These exploits provide us valuable insight into the potential attack vectors for exploiting Chrome, and allow us to identify strategies for better hardening specific Chrome features and ideas for future broad-scale mitigation strategies.

The full details of this bonus opportunity are available on the Chrome VRP rules and rewards page. The summary is as follows:

  • The bug reports may be submitted in advance while exploit development continues during this 180-day window. The functional exploits must be submitted to Chrome by the end of the 180-day window to be eligible for the triple or double reward.
    • The first functional full chain exploit we receive is eligible for the triple reward amount.
  • The full chain exploit must result in a Chrome browser sandbox escape, with a demonstration of attacker control / code execution outside of the sandbox.
  • Exploitation must be able to be performed remotely, with no or very limited reliance on user interaction.
  • The exploit must have been functional in an active release channel of Chrome (Dev, Beta, Stable, Extended Stable) at the time of the initial reports of the bugs in that chain. Please do not submit exploits developed from publicly disclosed security bugs or other artifacts in old, past versions of Chrome.

As is consistent with our general rewards policy, if the exploit allows for remote code execution (RCE) in the browser or other highly-privileged process, such as network or GPU process, to result in a sandbox escape without the need of a first stage bug, the reward amount for renderer RCE “high quality report with functional exploit” would be granted and included in the calculation of the bonus reward total.

Based on our current Chrome VRP reward matrix, your full chain exploit could result in a total reward of over $165,000 – $180,000 for the first full chain exploit and over $110,000 – $120,000 for subsequent full chain exploits we receive in the six month window of this reward opportunity.

We’d like to thank our entire Chrome researcher community for your past and ongoing efforts and security bug submissions! You’ve truly helped us make Chrome more secure for all users.

Happy Hunting!
