Hack A Chromebook for $100,000

Written by Alex Armstrong

Tuesday, 22 March 2016

Google has doubled the reward payable for a persistent compromise of a Chromebook in guest mode. It has also introduced a new reward for bypassing Chrome's Safe Browsing download protection features.

Google's existing rewards for Chrome hacks are unchanged from when we last reported on them and, together with the new reward in its final line, are outlined in this table.

	High-quality report with functional exploit [1]	High-quality report [2]	Baseline [3]	Low-quality report [4]
Sandbox Escape [5]	$15,000	$10,000	$2,000 - $5,000	$500
Renderer Remote Code Execution	$7,500	$5,000	$1,000 - $3,000	$500
Universal XSS (local bypass or equivalent)	$7,500	$5,000	N/A	N/A
Information Leak	$4,000	$2,000	$0 - $1000	$0
Download Protection bypass [6]	N/A	$1,000	$0 - $500	$0

[1] A high-quality report with a reliable exploit that demonstrates that the bug reported can be easily, actively and reliably used against users.

[2] A report that includes a minimized test case and the versions of Chrome affected by the bug. You will also demonstrate that exploitation of this vulnerability is very likely (e.g. good control of EIP or another CPU register). Your report should be brief and well written with only necessary detail and commentary.

[3] A minimized test case or output from a fuzzer that highlights a security bug is present.

[4] A report submitted with only a crash dump, without a Proof of Concept (PoC) or with a poor quality PoC (e.g. a 1MB fuzz file dump with no attempt at reduction) that is later verified to be a legitimate issue.

[5] Escaping any layer of the sandbox (including the NaCl sandbox) will be considered as a sandbox escape.

[6] Landing a blacklisted test binary on disk where a typical user could execute it, on Mac or Windows. The file type on disk must lead to non-sandboxed code execution after minimal user interaction with the file.

Google's Security Reward Program is successful both for Google and for security researchers as indicated that since it was initiated in 2010 over $6 million has been paid out to over 300 recipients with over 750 payouts totalling over $2 million last year.

googlebugbounty

However since Google introduced a reward of $50,000 for hacking a Chromebook no-one has made a successful submission - prompting Google to double the amount of money on offer to $100,000. This is available all year round with no quotas and no maximum reward pool for compromising a Chromebook or Chromebox with device persistence in guest mode (i.e. guest to guest persistence with interim reboot, delivered via a web page).

This increased reward is a reflection of the fact that Chrome is getting harder to hack. It came out as the most secure web browser at last week's Pwn2Own. One attack on it failed and while another was successful it used a vulnerability that had already been reported.

More Information

Chrome Reward Program Rules

Get Rich or Hack Tryin’

Google Increases Maximum Bounty For Chrome Bugs

Pwn2Own 2016 - The Results

Largest Payout Ever At Pwn2Own 2015

Chrome Hacked Twice at CanSecWest

Chrome Safe In Pwn2Own Contest

Chrome, IE and Firefox Hacked

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on, Twitter, Facebook, Google+ or Linkedin.

Rust And C++ Should Be Friends?
20/11/2024

The Rust Foundation has just released a statement on Rust and C++ interoperability and Google is ponying up $1 to see that it gets done.

+ Full Story

Gender Differences In Coding Style
13/11/2024

A novel investigation into the gender gap between men and women regarding coding ability was undertaken by Dr Siân Brooke. Her conclusion? There is a difference in the Python code [ ... ]

+ Full Story

More News

Comments

or email your comment to: comments@i-programmer.info

Last Updated ( Tuesday, 22 March 2016 )

More Information

Related Articles

Comments