Tuesday, February 28, 2012

Google's Giving $60,000 to Whoever Can Exploit Chrome [Security]

Source: http://gizmodo.com/5888839/googles-giving-60000-to-whoever-can-exploit-chrome

While both Safari and IE collapsed under the pressure from hackers at last year's Pwn2Own contest, not one person was able to crack Chrome. This year, Google's sweetening the pot with a million dollars in prizes to successful exploiters.

In fact, Chrome is the only browser in the contest's six-year history to not be exploited—like, at all. Therefore Google will hand out prizes of $60,000, $40,000, and $20,000 for contestants able to remotely commandeer a fully patched browser running on Windows 7. Finding a "Full Chrome Exploit," that is, obtaining user account persistence using only bugs in the browser itself, will net the $60k prize. Using WebKit, Flash, or a driver-based exploit can only earn the lesser amounts.

"While we're proud of Chrome's leading track record in past competitions, the fact is that not receiving exploits means that it's harder to learn and improve," wrote members of the Google Chrome security team in a post on Monday. "To maximize our chances of receiving exploits this year, we've upped the ante. We will directly sponsor up to $1 million worth of rewards."

The company will not, however, sponsor the contest itself as it has in years past. Google pulled its support after finding that recent rule changes allowed hackers to claim prize money without actually revealing the inner workings of the exploit to vendors. Which is kind of the entire point of these contests. [Chromium Blog via Ars Technica]

Image: Pedro Miguel Sousa / Shutterstock