Google has revealed that it will be offering up to $1 million (£630,000) in rewards for Chrome exploits at this year’s CanSecWest security conference in Vancouver.
Having come away spotless at the event’s Pwn2Own competition for three years, the search giant has increased the incentive for hackers and security experts to attempt to exploit Chrome.
The lowest sum will be given for exploits which do not use bugs in Chrome, but instead use one or more from Flash, Windows or a driver. The middle tier reward will be paid out for exploits which use at least one Chrome bug plus another. The highest amount requires hackers to exploit Chrome using only bugs found in the browser.
As stated on the Chromium blog, multiple rewards will be paid out on a first-come-first-served basis up to the $1 million limit. Last year, Google offered $20,000 (£12,600) on top of the $15,000 (£9,460) provided by the Pwn2Own organiser Tipping Point, but paid out nothing as Chrome stood strong whilst Firefox and Internet Explorer succumbed to exploits.
Part of the reason why Google is offering larger rewards this year is due to contestants’ difficulty in bypassing the security sandbox, as is Google’s requirement that all successful exploits be fully revealed, something the Pwn2Own competition does not make compulsory.
“We require each set of exploit bugs to be reliable, fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely “0-day,” i.e. not known to us or previously shared with third parties,” wrote Chris Evans and Justin Schuh in the blog post.
“The aim of our sponsorship is simple: we have a big learning opportunity when we receive full end-to-end exploits. Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users.”
How well do you know google? Find out with our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…
View Comments
This seems like a great way to find flaws in a product and fix them, before someone else finds them. Google, as a company, is definitely in a unique position to do this; to be able to offer such a large reward. Having independent users find bugs will help Google to improve Chrome, and in turn, a better product for consumers.
Sarah
Mosaic Technology
http://www.mosaictec.com