Google Awards Geohot $150,000 for Revealing ChromeOS Exploits

Geohot won the coveted $150,000 award from Google at the recently held Pwnium 4 security competition at CanSecWest in Vancouver. The award signals Geohot's landmark achievement in revealing key exploits in Google's Chrome operating system.

The competition witnessed several hackers showcasing their talent in finding original and unreported exploits based on security bugs in Chrome OS such as Chrome coupled with Flash, Chrome OS kernel and firmware, and default apps on Chrome OS.

The famed iOS hacker has hogged the limelight for his past exploits with PS3 security bugs, prior to his venture with Facebook, iOSDevCamp and now Google's Chrome OS.

Here is what Google announced on its Chrome Release blog while applauding Geohot's invaluable contribution towards improving Chrome OS security features and fixing existing bugs:

Security Fixes and Rewards

Congratulations to geohot for an epic Pwnium competition win. Pinkie Pie provided a fascinating set of vulnerabilities that will be rewarded through the Chrome VRP program. Moreover, one of the bugs exploited by VUPEN on Pwn2Own affected Chrome OS.

We're delighted at the success of Pwnium and the ability to study full exploits. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future. We also believe that both Pwnium submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on these submissions in the future.

- [Like a c-c-c-c-hamp!!! $150,000] [351788] Persistent code execution on Chrome OS. Credit to geohot.
- [351787] High CVE-2014-1705: Memory corruption in V8
- [351796] Low CVE-2014-1706: Command Injection in Crosh
- [351811] High CVE-2014-1707: Path traversal issue in CrosDisks
- [344051] Critical CVE-2014-1708: Issue with file persistence at boot
- [$TBD] [352492] Sandboxed code execution and kernel OOB write.Credit to Pinkie Pie.
- [351852] High CVE-2014-1710: Memory corruption in GPU command buffer
- [351855] High CVE-2014-1711: Kernel OOB write in GPU driver
- [352374] High CVE-2014-1713: Use-after-free in Blink bindings. Credit to VUPEN.

Geohot has been instrumental in the past for his work on unlocking iPhone baseband (05.11.07) on iOS 3.1.2 fetching him $10,000 as reward.

Recently, the hacker was accused of striking a deal for exchanging iOS 7 jailbreak for a staggering $350,000 bounty. He, however, denied having any such involvement with third-party companies.