
Sandbox Escape

  • Bounties provided by IBB

The Internet Bug Bounty is issuing rewards for sandbox escapes - techniques that allow vulnerabilities to escape popular application sandboxes. The specifics of these techniques will differ between implementations but typically manifest as a kernel vulnerability, broker vulnerability, or logic error.

Qualifying Application Sandboxes

  • Chrome (for any sandboxed process types including renderers, Pepper Flash and NaCl)
  • Internet Explorer 10 EPM
  • Adobe Reader (sandboxed in X and newer)
  • Adobe Flash

Qualifying Operating Systems

  • Windows 7+
  • Linux, latest upstream version
  • OSX, latest release

Additional Guidance

  • Qualifying vulnerabilities must reliably demonstrate the ability, or likely ability, to escape one of the defined sandboxes. Demonstrating full exploitation is helpful but not necessarily required to qualify.
  • Implementation bugs in these sandboxes themselves are not in scope and should be reported directly to the appropriate vendor. Your submission should include why you believe the bug is external to the application itself (e.g., a kernel bug).
  • The Panel is a group of your peers serving as volunteers. They have a limited amount of free time to deeply investigate bugs, so they kindly request that you write clear, concise reports, ideally accompanied by a working proof-of-concept. For example, do not send unminimized raw fuzz dumps, and do send evidence that any crash is likely exploitable.
  • The Panel is available to assist with the coordinated disclosure of any potential vulnerabilities. However, we recognize that we may not be the most effective avenue in all circumstances. We will gladly consider rewards for vulnerabilities that have been publicly disclosed through some other means, provided they adhered to our disclosure guidelines.
  • Examples of qualifying vulnerabilities: CVE-2013-0913, CVE-2013-1300

Bounty Guidance

  • Minimum reward of $5,000 with significantly higher rewards granted at the Panel's discretion

  • The Internet Bug Bounty rewarded yopwn with a $3,000 bounty for a Sandbox Escape bug. (12 months ago)
  • Sandbox Escape resolved a report that was submitted by yopwn. (12 months ago)
  • Sandbox Escape published their program on HackerOne. (Almost 2 years ago)

  • $5,000
    Minimum bounty
  • $32,000
    Paid to hackers
  • 6
    Hackers thanked
  • 9
    Reports closed