Google has revealed that it will be offering up to $1 million (£630,000) in rewards for Chrome exploits at this year’s CanSecWest security conference in Vancouver.
Having come away spotless at the event’s Pwn2Own competition for three years, the search giant has increased the incentive for hackers and security experts to attempt to exploit Chrome.
The lowest sum will be given for exploits which do not use bugs in Chrome, but instead use one or more from Flash, Windows or a driver. The middle tier reward will be paid out for exploits which use at least one Chrome bug plus another. The highest amount requires hackers to exploit Chrome using only bugs found in the browser.
As stated on the Chromium blog, multiple rewards will be paid out on a first-come-first-served basis up to the $1 million limit. Last year, Google offered $20,000 (£12,600) on top of the $15,000 (£9,460) provided by the Pwn2Own organiser Tipping Point, but paid out nothing as Chrome stood strong whilst Firefox and Internet Explorer succumbed to exploits.
Part of the reason why Google is offering larger rewards this year is due to contestants’ difficulty in bypassing the security sandbox, as is Google’s requirement that all successful exploits be fully revealed, something the Pwn2Own competition does not make compulsory.
“We require each set of exploit bugs to be reliable, fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely “0-day,” i.e. not known to us or previously shared with third parties,” wrote Chris Evans and Justin Schuh in the blog post.
“The aim of our sponsorship is simple: we have a big learning opportunity when we receive full end-to-end exploits. Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users.”
How well do you know google? Find out with our quiz!
Expansion among chaos. Amazon considering warehouse expansion in US, and already cancelled some Chinese orders
Loose lips sink...your job. Federal communications reportedly being spied upon by Musk's DOGE, using AI…
Apple's share price plummets over 23 percent in recent days, promoting Microsoft as world's most…
Global markets continue to plummet, as Trump tariffs go into force - including a 104…
Discover how businesses can cut through the AI hype, set realistic goals, and achieve real…
British regulator Ofcom announces first investigation under new digital safety laws, into an online suicide…
View Comments
This seems like a great way to find flaws in a product and fix them, before someone else finds them. Google, as a company, is definitely in a unique position to do this; to be able to offer such a large reward. Having independent users find bugs will help Google to improve Chrome, and in turn, a better product for consumers.
Sarah
Mosaic Technology
http://www.mosaictec.com