Google Offers Up To $1 Million In Hacking Contest To Exploit Chrome
Google ups the reward for hackers who find ‘zero-day’ bug exploits in its browser
Google has revealed that it will be offering up to $1 million (£630,000) in rewards for Chrome exploits at this year’s CanSecWest security conference in Vancouver.
Having come away spotless at the event’s Pwn2Own competition for three years, the search giant has increased the incentive for hackers and security experts to attempt to exploit Chrome.
Cash for hacks
Google’s total bounty of $1 million is split up into individual awards of $20,000 (£12,600), $40,000 (£25,200) and $60,000 (£37,800) for three distinct categories of exploits.
The lowest sum will be given for exploits which do not use bugs in Chrome, but instead use one or more from Flash, Windows or a driver. The middle tier reward will be paid out for exploits which use at least one Chrome bug plus another. The highest amount requires hackers to exploit Chrome using only bugs found in the browser.
As stated on the Chromium blog, multiple rewards will be paid out on a first-come-first-served basis up to the $1 million limit. Last year, Google offered $20,000 (£12,600) on top of the $15,000 (£9,460) provided by the Pwn2Own organiser Tipping Point, but paid out nothing as Chrome stood strong whilst Firefox and Internet Explorer succumbed to exploits.
Part of the reason why Google is offering larger rewards this year is due to contestants’ difficulty in bypassing the security sandbox, as is Google’s requirement that all successful exploits be fully revealed, something the Pwn2Own competition does not make compulsory.
“We require each set of exploit bugs to be reliable, fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely “0-day,” i.e. not known to us or previously shared with third parties,” wrote Chris Evans and Justin Schuh in the blog post.
“The aim of our sponsorship is simple: we have a big learning opportunity when we receive full end-to-end exploits. Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users.”
How well do you know google? Find out with our quiz!