Hack A Chromebook for $100,000

Written by Alex Armstrong

Tuesday, 22 March 2016

Google has doubled the reward payable for a persistent compromise of a Chromebook in guest mode. It has also introduced a new reward for bypassing Chrome's Safe Browsing download protection features.

Google's existing rewards for Chrome hacks are unchanged from when we last reported on them and, together with the new reward in its final line, are outlined in this table.

	High-quality report with functional exploit [1]	High-quality report [2]	Baseline [3]	Low-quality report [4]
Sandbox Escape [5]	$15,000	$10,000	$2,000 - $5,000	$500
Renderer Remote Code Execution	$7,500	$5,000	$1,000 - $3,000	$500
Universal XSS (local bypass or equivalent)	$7,500	$5,000	N/A	N/A
Information Leak	$4,000	$2,000	$0 - $1000	$0
Download Protection bypass [6]	N/A	$1,000	$0 - $500	$0

[1] A high-quality report with a reliable exploit that demonstrates that the bug reported can be easily, actively and reliably used against users.

[2] A report that includes a minimized test case and the versions of Chrome affected by the bug. You will also demonstrate that exploitation of this vulnerability is very likely (e.g. good control of EIP or another CPU register). Your report should be brief and well written with only necessary detail and commentary.

[3] A minimized test case or output from a fuzzer that highlights a security bug is present.

[4] A report submitted with only a crash dump, without a Proof of Concept (PoC) or with a poor quality PoC (e.g. a 1MB fuzz file dump with no attempt at reduction) that is later verified to be a legitimate issue.

[5] Escaping any layer of the sandbox (including the NaCl sandbox) will be considered as a sandbox escape.

[6] Landing a blacklisted test binary on disk where a typical user could execute it, on Mac or Windows. The file type on disk must lead to non-sandboxed code execution after minimal user interaction with the file.

Google's Security Reward Program is successful both for Google and for security researchers as indicated that since it was initiated in 2010 over $6 million has been paid out to over 300 recipients with over 750 payouts totalling over $2 million last year.

googlebugbounty

However since Google introduced a reward of $50,000 for hacking a Chromebook no-one has made a successful submission - prompting Google to double the amount of money on offer to $100,000. This is available all year round with no quotas and no maximum reward pool for compromising a Chromebook or Chromebox with device persistence in guest mode (i.e. guest to guest persistence with interim reboot, delivered via a web page).

This increased reward is a reflection of the fact that Chrome is getting harder to hack. It came out as the most secure web browser at last week's Pwn2Own. One attack on it failed and while another was successful it used a vulnerability that had already been reported.

More Information

Chrome Reward Program Rules

Get Rich or Hack Tryin’

Google Increases Maximum Bounty For Chrome Bugs

Pwn2Own 2016 - The Results

Largest Payout Ever At Pwn2Own 2015

Chrome Hacked Twice at CanSecWest

Chrome Safe In Pwn2Own Contest

Chrome, IE and Firefox Hacked

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on, Twitter, Facebook, Google+ or Linkedin.

Breaking The Cipher Of Mary Queen Of Scots
29/06/2025

Researchers who break ciphers for fun have been talking about how they broke the coded letters of Mary Queen of Scots using a combination of computer algorithms, linguistic analysis and manual co [ ... ]

+ Full Story

Apache Arrow 21 Released
07/07/2025

Version 21 of Apache Arrow has been released, including the first official Swift implementation of the platform. Improvements to Arrow 21 include exposing gRPC in the Flight client builder and improve [ ... ]

+ Full Story

More News

Comments

or email your comment to: comments@i-programmer.info

Last Updated ( Tuesday, 22 March 2016 )

More Information

Related Articles

Comments