"Google Expands Bug Bounty Program With Chrome, Cloud CTF Events"

Google has recently announced the expansion of its vulnerability rewards program with two events focused on Chrome’s V8 JavaScript rendering engine and on Kernel-based Virtual Machine (KVM).  The v8CTF, which has already started, allows security researchers to earn monetary rewards for successfully exploiting a V8 version running on Google’s infrastructure.  According to the program’s rules, security researchers submitting valid exploits are eligible for a reward of $10,000.  The kvmCTF is set to be launched later this year.  It will reward researchers for exploits targeting zero-day and one-day vulnerabilities in KVM, the open-source virtualization module in the Linux kernel that allows it to function as a hypervisor.  Google promises rewards of up to $99,999 for exploits leading to a full VM escape, but it will also reward arbitrary memory write/read ($34,999 and $24,999, respectively) and denial-of-service (DoS) exploits ($14,999).  Google noted that security researchers interested in participating are encouraged to read the rules for v8CTF and kvmCTF, exploit an identified vulnerability to grab the flag, and send it to them, as specified in the rules.

SecurityWeek reports: "Google Expands Bug Bounty Program With Chrome, Cloud CTF Events"