Google offers $1 million rewards . . . for hacking its Chrome browser!
Google is offering up to a million dollars in rewards for people who can hack its Chrome browser at the world's premiere hacking competition, the annual Pwn2Own hacking contest next week at the CanSecWest security conference in Vancouver.
Can you pick a hole in Chrome?
For hacks that include flaws specific to Chrome, Google will pay $40,000 each, and for those that exploit only bugs in Chrome, the company will shell out $60,000, up to its million dollar limit. There are also smaller prizes for other non-Chrome hacks.
For three years Firefox, Internet Explorer and Safari have all been taken down by the assembled security researchers at Pwn20wn - but Google’s Chrome browser has been unscathed, says Forbes magazine.
So why is Google willing to pay seven figures to see its browser taken apart in public?
The company explains in a blog post that the annual hacking contest offers a chance to test Chrome’s mettle against some of the world’s most innovative hackers in a setting where any new flaws can be identified and patched.
In return for its rewards, Google demands that any winning researcher submit the details of the exploited flaws to its security team.
”Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing,” say Chrome security engineers Chris Evans and Justin Schuh write in the blog . “This enables us to better protect our users.”
Like other companies including Mozilla and Facebook, Google offers “bug bounties” to researchers, says Forbes, and its flaw-buying programme has given out more than $300,000 in payments over the last two years.