Chrome logo

Google Offers Up To $1 Million In Hacking Contest To Exploit Chrome

Google ups the reward for hackers who find ‘zero-day’ bug exploits in its browser

On by Jiten Karia 1

Google has revealed that it will be offering up to $1 million (£630,000) in rewards for Chrome exploits at this year’s CanSecWest security conference in Vancouver.

Having come away spotless at the event’s Pwn2Own competition for three years, the search giant has increased the incentive for hackers and security experts to attempt to exploit Chrome.

Cash for hacks

Google’s total bounty of $1 million is split up into individual awards of $20,000 (£12,600), $40,000 (£25,200) and $60,000 (£37,800) for three distinct categories of exploits.

The lowest sum will be given for exploits which do not use bugs in Chrome, but instead use one or more from Flash, Windows or a driver. The middle tier reward will be paid out for exploits which use at least one Chrome bug plus another. The highest amount requires hackers to exploit Chrome using only bugs found in the browser.

As stated on the Chromium blog, multiple rewards will be paid out on a first-come-first-served basis up to the $1 million limit. Last year, Google offered $20,000 (£12,600) on top of the $15,000 (£9,460) provided by the Pwn2Own organiser Tipping Point, but paid out nothing as Chrome stood strong whilst Firefox and Internet Explorer succumbed to exploits.

Part of the reason why Google is offering larger rewards this year is due to contestants’ difficulty in bypassing the security sandbox, as is Google’s requirement that all successful exploits be fully revealed, something the Pwn2Own competition does not make compulsory.

“We require each set of exploit bugs to be reliable, fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely “0-day,” i.e. not known to us or previously shared with third parties,” wrote Chris Evans and Justin Schuh in the blog post.

“The aim of our sponsorship is simple: we have a big learning opportunity when we receive full end-to-end exploits. Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users.”

How well do you know google? Find out with our quiz!

White Papers

Techweekeurope for mobile devices
Android-App Google Currents App for iOS

Last comment




One reply to Google Offers Up To $1 Million In Hacking Contest To Exploit Chrome

  • On February 28, 2012 at 3:57 pm by Sarah

    This seems like a great way to find flaws in a product and fix them, before someone else finds them. Google, as a company, is definitely in a unique position to do this; to be able to offer such a large reward. Having independent users find bugs will help Google to improve Chrome, and in turn, a better product for consumers.

    Sarah
    Mosaic Technology
    http://www.mosaictec.com

Leave a Reply

  • Required fields are marked *,
    Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>