Home Cyber Security Increasing our exploit reward program to Chrome and Cloud

Increasing our exploit reward program to Chrome and Cloud

Increasing our exploit reward program to Chrome and Cloud


In 2020, we launched a novel format for our vulnerability reward program (VRP) with the kCTF VRP and its continuation kernelCTF. For the primary time, safety researchers may get bounties for n-day exploits even when they didn’t discover the vulnerability themselves. This format proved priceless in enhancing our understanding of essentially the most extensively exploited elements of the linux kernel. Its success motivated us to increase it to new areas and we’re now excited to announce that we’re extending it to 2 new targets: v8CTF and kvmCTF.

Right now, we’re launching v8CTF, a CTF targeted on V8, the JavaScript engine that powers Chrome. kvmCTF is an upcoming CTF targeted on Kernel-based Digital Machine (KVM) that will likely be launched later within the 12 months.

As with kernelCTF, we will likely be paying bounties for profitable exploits towards these platforms, n-days included. That is on prime of any current rewards for the vulnerabilities themselves. For instance, for those who discover a vulnerability in V8 after which write an exploit for it, it may be eligible below each the Chrome VRP and the v8CTF.

We’re at all times in search of methods to enhance the safety posture of our merchandise, and we wish to be taught from the safety neighborhood to grasp how they may strategy this problem. For those who’re profitable, you may not solely earn a reward, however you may additionally assist us make our merchandise safer for everybody. That is additionally a superb alternative to find out about applied sciences and achieve hands-on expertise exploiting them.

Moreover studying about exploitation methods, we’ll additionally leverage this program to experiment with new mitigation concepts and see how they carry out towards real-world exploits. For mitigations, it’s essential to evaluate their effectiveness early on within the course of, and you’ll assist us battle check them.

How do I take part?

  • First, be sure to take a look at the principles for v8CTF or kvmCTF. This web page incorporates up-to-date details about the sorts of exploits which are eligible for rewards, in addition to the boundaries and restrictions that apply.

  • After you have recognized a vulnerability current in our deployed model, exploit it, and seize the flag. It doesn’t even need to be an 0-day!

  • Ship us the flag by filling out the shape linked within the guidelines and we’ll take it from there.

We’re trying ahead to seeing what you could find!



Please enter your comment!
Please enter your name here