Google increases rewards for hacking Chrome

Google has been pushing specially held events where it invites hackers to try and break chrome in return for cash prizes. Google’s newest bug hunting competition is called “pwnium”, a take on Chromium no doubt, and they have increased the overall cash pool for rewards.

If users can break Chrome with Chrome-specific code there is a reward of US$60,000, US$50,000 for Windows Kernel bug springboard Chrome hacks and exploits directly unrelated to Chrome can be submitted, and are eligible for US$40,000 in rewards.Google has set aside US$2 million for hackers who can prove multiple exploits have been found from any of the three main categories as listed above.

Previously the rewards were set at $60,000/$40,000/$20,000 with a total “hacker prize money” pool of $1 million.

“Google is also offering rewards for partial exploits, or those that can’t be immediately used. Such examples include exploits that work within Chrome’s sandbox, but aren’t considered an immediate threat because they don’t break the sandbox. Google’s judging panel will determine what these partial threats are worth.

Hackers will be required to demonstrate their exploits on the latest stable release of Chrome, running on a patched fully Acer Aspire V5-571-6869 laptop. In addition to the prize money, the hacker responsible for the best entry will also get to keep the laptop.

The other, more important aspect of the competition is that the exploits must be documented. This ensures that Google is able to patch Chrome’s vulnerabilities and alert affected vendors.

In the last Pwnium, the two winning entries were both blocked within 24 hours of being demonstrated, and later shared on the Chromium Blog so that anyone could learn from Google’s mistakes.”

Source