Google launched a new initiative this week offering a $1-milion prize to any hacker who can find and exploit security flaws in its Chrome web browser.
“While we are proud of Chrome’s leading track record in past competitions, the fact is that not receiving exploits means that it is harder to learn and improve. To maximize our chances of receiving exploits this year, we’ve upped the ante. We will directly sponsor up to $1 million worth of rewards,” Chrome’s security team said in a blog posting.
However, there are strings attached to the sanctioned law-breaking. “The hackers must make available the full details of the exploit to Google in order to qualify for the prize, and must not have released details of the exploit to anyone else,” News24 writes.
The goal of the competition is to find and fix any exploits that users might find. “The aim of our sponsorship is simple: we have a big learning opportunity when we receive full end-to-end exploits. Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users,” the team added.
There are three categories for users to enter:
$60,000 – “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.
$40,000 – “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.
$20,000 – “Consolation reward, Flash / Windows / other”: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. Although not specifically Chrome’s issue, we’ve decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer.
All winners will also a receive a Chrome notebook.
Charlie Fripp – Online editor