Google Offers Millions for Chrome Bug Hunters

If Google hadn’t made the message clear enough already: It really, really wants you to hack its software.

On Wednesday the company announced that it’s holding another competition for hackers to target its Chrome browser, following the Pwnium competition it held in Vancouver last March, where it offered a total of $1 million in hacking prizes. This time the company’s putting a total of $2 million in rewards on the table for anyone who can find bugs in its browser, exploit them, and tell Google’s security team the details of their techniques.

“The first Pwnium competition held earlier this year exceeded our expectations,” Google security engineer Chris Evans wrote in a blog post. “Most importantly, we were able to make Chromium [the open-source code base on which Chrome is built] significantly stronger based on what we learned.”

The contest will be held in October at the Hack in the Box security conference in Kuala Lumpur, Malaysia. “We hope this gives enough time for the security community to craft more beautiful works, which we’d be more than happy to reward and celebrate,” Evans wrote.

Google is offering up to $60,000 for a single working Chrome exploit. While several other companies including Mozilla, PayPal and Facebook offer bug bounties, none publicly offers such a high sum.

In another blog post Tuesday, Google wrote that it had already paid out $1 million in total bounties, and would be adding small bonuses for certain categories of exploits.

Bumping its total payout for the competition, which it’s calling Pwnium 2, may be more of a marketing stunt than a significant change. In the last Pwnium contest (whose name comes from the word “pwn,” hacker jargon for compromising or taking over a target) Google only found two hackers willing and capable of winning its $60,000 prize and gave out only a small fraction of its $1 million bounty.

Even with $60,000 rewards, it’s not clear that hackers able to take Chrome apart will come forward to claim the prizes. Google’s bounties likely can’t match the sums offered by government intelligence and law enforcement agencies who buy similarly rare exploits with the intention of using them for spying on and tracking targets rather than helping software vendors fix their security flaws.

Ifeanyi Emeka About the Author: Ifeanyi Emeka is the founder of Tech Forked. He is passionate about tech stuffs and loves customizing blogger themes.

0 comments for "Google Offers Millions for Chrome Bug Hunters"

Leave a reply