Google Chrome, Cloud part of expanded bug bounty program

Google has added capture the flag events for determining flaws impacting the Chrome browser's V8 JavaScript rendering engine and Kernel-based Virtual Machines as part of its expanded vulnerability rewards program, according to SecurityWeek. Exploits for new V8 vulnerabilities will be considered zero-day submissions but known flaws could also be submitted by researchers, said Google, which will be giving $10,000 for valid exploits. "This is on top of any existing rewards for the vulnerabilities themselves. For example, if you find a vulnerability in V8 and then write an exploit for it, it can be eligible under both the Chrome VRP and the v8CTF," Google noted. Meanwhile, the kvmCTF event that is poised to be unveiled later this year will provide awards for zero- and one-day vulnerability exploits in KVM, with up to $99,999 to be given for complete VM escape exploits. Google will also be handing over $34,999 and $24,999 for arbitrary memory write and read exploits, respectively, while denial-of-service exploits will net a reward of $14,999.