Myce.com Latest Updates

Google offering cash prizes to hackers who can exploit Chrome

Posted at 28 February 2012 18:22 CEST by etdragon

Think you can exploit Google’s Chrome browser? If you think you can it might be worth your while to attend the CanSecWest security conference next week and prove it. Google is giving away prizes totaling $1 million to those who can successfully hack their browser.

Google’s security team announced the contest, called Pwnium, on their blog on Monday. There are three prize brackets to be awarded $20,000, $40,000, and $60,000 per exploit depending on the severity of the exploit that can be demonstrated. People wishing to give this a whirl must do so on a Windows 7 machine running the Chrome browser. You won’t be able to split winnings and the prizes will be on a first come first serve basis until the total amount of $1 million is reached.

There is a similar contest that is now running in its sixth year at the CanSecWest security conference called Pwn2Own, which also awards people cash if they can remotely take control of computers by exploiting vulnerabilities found in fully patched browsers. Last year both Internet Explorer and Safari were taken down but no one even went after Chrome, despite the fact that Google offered an addition $20,000 on top of the contest’s $15,000 prize.

Google’s Chrome is currently the only browser eligible for the Pwn2Own contest that hasn’t yet been exploited. Contestants regularly cite the difficulty in bypassing Google’s security sandbox as the reason.

“While we’re proud of Chrome’s leading track record in past competitions, the fact is that not receiving exploits means that it’s harder to learn and improve,” wrote Chris Evans and Justin Schuh, members of the Google Chrome security team. “To maximize our chances of receiving exploits this year, we’ve upped the ante. We will directly sponsor up to $1 million worth of rewards.”

In that same blog post the security team revealed that they would be removing Chrome from the Pwn2Own contest because the rules didn’t require winners to reveal specifics of their exploits. The whole reason Google wants their browser to be hacked is so that they can fix potential vulnerabilities. A Google spokesperson told Ars Technica,

“Specifically, they do not have to reveal the sandbox escape component of their exploit. Sandbox escapes are very dangerous bugs so it is not in the best interests of user safety to have these kept secret. The whitehat community needs to fix them and study them. Our ultimate goal here is to make the web safer.”

We’ll see if the extra cash Google is offering is enough to get hackers to try and topple Chrome this year.

Click to share

There are 0 comments

Post your comment

You need to register before you can comment

Like us

Most popular headlines

WZOR: Windows 9 RTM at the end of 2014

Russian leaker WZOR has posted information about Windows 9 again, revealing...

Arcsoft ends support for Total Media Theater

File this one under speculation/unsupported in your bad news inbox, but it seems...

Kingston HyperX 3.0 64GB USB3 Flash drive review - Speed, build quality and great looks

  • Mon 15 Sep 01:09 by Vroom

Review: Kingston DT HyperX 3.0 64GB Reviewed by: Antonis Sapanidis P...

Microsoft patch system seriously flawed - withdraws more updates

A week after the release of a security update for Microsoft Lync Server, the sof...

Reseachers: Cyberlockers are a hotbed for piracy and malware

Cloud Services where users can download illegal movies, music and software are a...

See all headlines

Community Activities

cholla posted a reaction to Funny but needed Signs
cholla posted a reaction to How I live now crash
diane7 posted a reaction to Funny but needed Signs
Follow Myce.com