Hack A Chromebook for $100,000
Written by Alex Armstrong   
Tuesday, 22 March 2016

Google has doubled the reward payable for a persistent compromise of a Chromebook in guest mode. It has also introduced a new reward for bypassing Chrome's Safe Browsing download protection features.

Google's existing rewards for Chrome hacks are unchanged from when we last reported on them and, together with the new reward in its final line, are outlined in this table.

 High-quality report with
functional exploit [1]
High-quality report [2]Baseline [3]Low-quality report [4]
Sandbox Escape [5] $15,000 $10,000 $2,000 - $5,000 $500
Renderer Remote Code Execution $7,500 $5,000 $1,000 - $3,000 $500
Universal XSS (local bypass or equivalent) $7,500 $5,000 N/A N/A
Information Leak $4,000 $2,000 $0 - $1000 $0
Download Protection bypass [6] N/A $1,000 $0 - $500 $0


[1] A high-quality report with a reliable exploit that demonstrates that the bug reported can be easily, actively and reliably used against users.

[2] A report that includes a minimized test case and the versions of Chrome affected by the bug. You will also demonstrate that exploitation of this vulnerability is very likely (e.g. good control of EIP or another CPU register). Your report should be brief and well written with only necessary detail and commentary.

[3] A minimized test case or output from a fuzzer that highlights a security bug is present.

[4] A report submitted with only a crash dump, without a Proof of Concept (PoC) or with a poor quality PoC (e.g. a 1MB fuzz file dump with no attempt at reduction) that is later verified to be a legitimate issue.

[5] Escaping any layer of the sandbox (including the NaCl sandbox) will be considered as a sandbox escape.

[6] Landing a blacklisted test binary on disk where a typical user could execute it, on Mac or Windows. The file type on disk must lead to non-sandboxed code execution after minimal user interaction with the file. 


Google's Security Reward Program is successful both for Google and for security researchers as indicated that since it was initiated in 2010 over $6 million has been paid out to over 300 recipients with over 750 payouts totalling over $2 million last year.

 

googlebugbounty

 

However since Google introduced a reward of $50,000 for hacking a Chromebook no-one has made a successful submission - prompting Google to double the amount of money on offer to $100,000. This is available all year round with no quotas and no maximum reward pool for compromising a Chromebook or Chromebox with device persistence in guest mode (i.e. guest to guest persistence with interim reboot, delivered via a web page). 

This increased reward is a reflection of the fact that Chrome is getting harder to hack. It came out as the most secure web browser at last week's Pwn2Own. One attack on it failed and while another was successful it used a  vulnerability that had already been reported.   

 

 

Banner


PlanetScale Gets Into Vector Search
02/12/2024

PlanetScale, the cloud MySQL-compatible database with advanced scaling capabilities, is now upgraded with vector storage and search.



Raspberry Pi CM5 - Expensive And Undocumented
27/11/2024

So the unexpected has happened - the Compute Module 5 has been launched. But it simply emphasises some problems with adopting the Pi as an IoT device.


More News

 

espbook

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Tuesday, 22 March 2016 )