Google has revealed that it will be offering up to $1 million (£630,000) in rewards for Chrome exploits at this year’s CanSecWest security conference in Vancouver.
Having come away spotless at the event’s Pwn2Own competition for three years, the search giant has increased the incentive for hackers and security experts to attempt to exploit Chrome.
The lowest sum will be given for exploits which do not use bugs in Chrome, but instead use one or more from Flash, Windows or a driver. The middle tier reward will be paid out for exploits which use at least one Chrome bug plus another. The highest amount requires hackers to exploit Chrome using only bugs found in the browser.
As stated on the Chromium blog, multiple rewards will be paid out on a first-come-first-served basis up to the $1 million limit. Last year, Google offered $20,000 (£12,600) on top of the $15,000 (£9,460) provided by the Pwn2Own organiser Tipping Point, but paid out nothing as Chrome stood strong whilst Firefox and Internet Explorer succumbed to exploits.
Part of the reason why Google is offering larger rewards this year is due to contestants’ difficulty in bypassing the security sandbox, as is Google’s requirement that all successful exploits be fully revealed, something the Pwn2Own competition does not make compulsory.
“We require each set of exploit bugs to be reliable, fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely “0-day,” i.e. not known to us or previously shared with third parties,” wrote Chris Evans and Justin Schuh in the blog post.
“The aim of our sponsorship is simple: we have a big learning opportunity when we receive full end-to-end exploits. Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users.”
How well do you know google? Find out with our quiz!
German foreign minister warns Russia will face consequences for “absolutely intolerable” cyberattack on ruling party,…
Google is reportedly laying off at least 200 staff from its “Core” organisation, including key…
Investor appeasement? Apple unveils huge $110 billion share buyback program, as sales of iPhone decline…
Tesla retreats from pioneering gigacasting manufacturing process, amid cost cutting and challenges at EV giant
No skynet please. After the US, UK and France pledge human only control of nuclear…
Microsoft's AI investments continue in south east Asia, after investments in Japan, Malaysia, Indonesia, as…
View Comments
This seems like a great way to find flaws in a product and fix them, before someone else finds them. Google, as a company, is definitely in a unique position to do this; to be able to offer such a large reward. Having independent users find bugs will help Google to improve Chrome, and in turn, a better product for consumers.
Sarah
Mosaic Technology
http://www.mosaictec.com