Hack Google's Chrome Browser, Get Up to $60,000 USD
Google is offering up to $1 million in prizes for successfully hacking the Chrome web browser.
On Monday Google said it is now shelling out up to $1 million worth of rewards for anyone who can crack open its Chrome web browser.
According to Chris Evans and Justin Schuh of the Google Chrome Security Team, the biggest cash prize of $60,000 will go to those who discover a "full Chrome exploit" using bugs found only within Chrome itself. $40,000 will be awarded to those who perform a partial Chrome exploit using at least one Chrome bug plus other OS bugs (a WebKit bug combined with a Windows sandbox bug, for example).
"Originally, our plan was to sponsor as part of this year’s Pwn2Own competition," the Google Chrome Security team said on Monday. "Unfortunately, we decided to withdraw our sponsorship when we discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits (or even all of the bugs used!) to vendors. Full exploits have been handed over in previous years, but it’s an explicit non-requirement in this year’s contest, and that’s worrisome."
Thus, Google is now offering rewards for hacking its web browser outside the Pwn2Own competition. In addition to the Full Chrome Exploit and Partial Chrome Exploit categories, Google will also offer $20,000 to those who fall under the "Consolation reward, Flash / Windows / other" category, or rather, those who discover bugs that could threaten users in any browser including bugs in one or more of Flash, Windows or a device driver.
The team said Google is offering consolation prizes because these findings help propel the company's overall mission to make the entire web safer to crawl no matter what browser is used.
"We will issue multiple rewards per category, up to the $1 million limit, on a first-come-first served basis," the blog reads. "There is no splitting of winnings or 'winner takes all.' We require each set of exploit bugs to be reliable, fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely '0-day,' i.e. not known to us or previously shared with third parties. Contestant’s exploits must be submitted to and judged by Google before being submitted anywhere else."
All winners will also receive a Chromebook, the team said.
Stay On the Cutting Edge: Get the Tom's Hardware Newsletter
Get Tom's Hardware's best news and in-depth reviews, straight to your inbox.
Zero-day Windows NTLM hash vulnerability gets patched by third-party — credentials can be hijacked by merely viewing a malicious file in File Explorer
US govt says Cisco gear often targeted in China's Salt Typhoon attacks on 8 telecommunications providers — issues Cisco-specific advice to patch networks to fend off attacks
-
amstech Not original but a good way to make your software more secure.Reply
It will ALWAYS be breachable though, code is transparent. -
synd Google is doing it right. It's way cheaper for them to do this instead of hiring people long-term.Reply -
rocknrollz RADIO_ACTIVEAnon jump on this and get funded lolReply
I really doubt Google will do this in an uncontrolled environment. Yes, they want this to be publicity to show that they have the "safest" browser. But I am sure that when the hacker "if" the hacker gets through they want to know how to patch up the security holes. -
RADIO_ACTIVE RockNRollzI really doubt Google will do this in an uncontrolled environment. Yes, they want this to be publicity to show that they have the "safest" browser. But I am sure that when the hacker "if" the hacker gets through they want to know how to patch up the security holes.It was a joke... now laugh sirReply -
juncture RADIO_ACTIVEAnon jump on this and get funded lolI don't think they need the money. Even LulzSec denied a $10,000 reward for hacking a website that also offered a job position at a security firm.Reply