Hack Google's Chrome Browser, Get Up to $60,000 USD

By Kevin Parrish
published

Google is offering up to $1 million in prizes for successfully hacking the Chrome web browser.

On Monday Google said it is now shelling out up to $1 million worth of rewards for anyone who can crack open its Chrome web browser.

According to Chris Evans and Justin Schuh of the Google Chrome Security Team, the biggest cash prize of $60,000 will go to those who discover a "full Chrome exploit" using bugs found only within Chrome itself. $40,000 will be awarded to those who perform a partial Chrome exploit using at least one Chrome bug plus other OS bugs (a WebKit bug combined with a Windows sandbox bug, for example).

"Originally, our plan was to sponsor as part of this year’s Pwn2Own competition," the Google Chrome Security team said on Monday. "Unfortunately, we decided to withdraw our sponsorship when we discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits (or even all of the bugs used!) to vendors. Full exploits have been handed over in previous years, but it’s an explicit non-requirement in this year’s contest, and that’s worrisome."

Thus, Google is now offering rewards for hacking its web browser outside the Pwn2Own competition. In addition to the Full Chrome Exploit and Partial Chrome Exploit categories, Google will also offer $20,000 to those who fall under the "Consolation reward, Flash / Windows / other" category, or rather, those who discover bugs that could threaten users in any browser including bugs in one or more of Flash, Windows or a device driver.

The team said Google is offering consolation prizes because these findings help propel the company's overall mission to make the entire web safer to crawl no matter what browser is used.

"We will issue multiple rewards per category, up to the $1 million limit, on a first-come-first served basis," the blog reads. "There is no splitting of winnings or 'winner takes all.' We require each set of exploit bugs to be reliable, fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely '0-day,' i.e. not known to us or previously shared with third parties. Contestant’s exploits must be submitted to and judged by Google before being submitted anywhere else."

All winners will also receive a Chromebook, the team said.

Kevin Parrish
13 Comments Comment from the forums
  • RADIO_ACTIVE
    Anon jump on this and get funded lol
    Reply
  • amstech
    Not original but a good way to make your software more secure.
    It will ALWAYS be breachable though, code is transparent.
    Reply
  • qhoa1385
    *Presses F12*
    Profit

    Hahaha
    Reply
  • synd
    Google is doing it right. It's way cheaper for them to do this instead of hiring people long-term.
    Reply
  • __-_-_-__
    RADIO_ACTIVEAnon jump on this and get funded lol+999999999999
    Reply
  • rocknrollz
    RADIO_ACTIVEAnon jump on this and get funded lol
    I really doubt Google will do this in an uncontrolled environment. Yes, they want this to be publicity to show that they have the "safest" browser. But I am sure that when the hacker "if" the hacker gets through they want to know how to patch up the security holes.
    Reply
  • RADIO_ACTIVE
    RockNRollzI really doubt Google will do this in an uncontrolled environment. Yes, they want this to be publicity to show that they have the "safest" browser. But I am sure that when the hacker "if" the hacker gets through they want to know how to patch up the security holes.It was a joke... now laugh sir
    Reply
  • pythy
    Quick!! Someone gimme an axe!!
    Reply
  • Hypertraxx
    pythyQuick!! Someone gimme an axe!!LOL LMAO,
    Hack ALL the google chromesssss!!
    Reply
  • juncture
    RADIO_ACTIVEAnon jump on this and get funded lolI don't think they need the money. Even LulzSec denied a $10,000 reward for hacking a website that also offered a job position at a security firm.
    Reply