29th Feb, 2012
Hack Chrome, Win A Million Dollars!
Google boasts of its browser's security with a high-stakes challenge.
Google has put up $1 million as prize money for anyone who can find a security flaw in its Chrome web browser. This is fifty times the amount it offered last year for the same, in the Pwn2Own hacking competition, held at the CanSecWest security conference. However, this competition is not related to Pwn2Own, where hackers reveal exploits and security bugs in operating systems and web browsers.
While the search giant will pay out as much as a million dollars if security loopholes are found, it also states that hackers will have to reveal quite a few exploits to claim that huge a bounty.The contest has been divided into three categories and the prize money varies as below:
- $60,000 - Full Chrome exploit: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.
- $40,000 - Partial Chrome exploit: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.
- $20,000 - Consolation reward, Flash / Windows / other: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. Although not specifically Chrome's issue, we've [sic] decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer.
Multiple rewards will be given per category, on a first-come-first-served basis. The set of exploit bugs need to be "reliable, fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely 0-day". The exploits must not be submitted elsewhere before they are submitted to Google. The company will also be giving away Chromebooks to all the winners.