AfterDawn: News

Google: $1 million says you can't exploit Chrome

Google has put $1 million on the line if security researchers or hackers can exploit their popular Chrome browser.

The company has also pulled out of the annual Pwn2Own contest, where they were regular sponsors. Google says there were changes in the rules by contest organizer Zero Day Initiative (ZDI) which they did not approve of: "We decided to withdraw our sponsorship when we discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits, or even all of the bugs used, to vendors. Full exploits have been handed over in previous years, but it's an explicit non-requirement in this year's contest, and that's worrisome."



Chrome is a "sandboxed" system which normally means any hack of the browser requires multiple exploits, and Chrome has remained untouched for years while other browsers like Internet Explorer, Firefox and Safari normally last just a few hours during the contest.

For the new $1 million prize, hackers will need to perform a "full Chrome exploit" which exploits Chrome on Windows 7 using only vulnerabilities in Chrome itself. That alone will bring $60,000 and every other partial exploit that uses one bug will earn $40,000. Additionally, Google will pay $20,000 for "consolation" exploits that "hack Chrome without using any vulnerabilities in the browser itself."

Concludes Google: "We will issue multiple rewards per category, up to the $1 million limit, on a first-come-first served basis."


Written by: Andre Yoskowitz @ 28 Feb 2012 14:17

• Previous article

• Yahoo threatens Facebook over IP licensing

• Next article

• IBM laying off 1000 workers

• 3 comments

• LordRuss

  Anonymous, be careful! Ploy like this will draw out malfeasance & criminals like lottery ticket winners to warrant decree stings.
  
  Not to mention... Didn't that poor 26 year old bastard get arrested & thrown in the hoosegow for just such an event not too long ago? Granted, he was throwing his own contest entry with Facebook, but similar security features were being tested I can assume. Sans the incriminating personal info obtained as well too; I mean if we're gong to be splitting hairs...
  

  http://onlyinrussellsworld.blogspot.com

  28.2.2012 14:31 #1

• i1der

  what i'm very confused with your comment, you saying offering a reward for hacking it and showing how was done? i like these contest.
  

  29.2.2012 18:35 #2

• LordRuss

  Originally posted by i1der: what i'm very confused with your comment, you saying offering a reward for hacking it and showing how was done? i like these contest. I can see how you'd be confused. Anonymous is with regards to the international hacking group. Being overly mental ambitious & typing 'out loud', I figured I would foreshadow a warning that a group (or groups) of such magnitude might want to shy away from such things. Contests like these "could" also be used as sting operations to catch "would be" or potential criminals. That was what I was prattling on about.
  
  The 26 year old was in this story LINK & is pretty much self explanatory as well.
  
  As for the contests as a whole, sure, I like them as well. What better way to get rid of all your internal 'yes' men & get folks to burrow through your security crap in order to get it fixed the fastest & cheapest.
  

  http://onlyinrussellsworld.blogspot.com

  1.3.2012 12:53 #3