Google offers $20,000 for a Chrome hack
Written by Harry Fairhead   
Thursday, 03 February 2011

Google offers $20,000 for a Chrome exploit, but is it a fair test? In the real world the rules of hacking aren't quite so controlled.

Most programmers just wait for their loyal users to report bugs and security problems, but Google is so confident that its Chrome browser is watertight that it is offering a bounty of $20,000 to anyone who can hack into it.

The bounty is being offered as part of the annual  Pwn2Own contest which invites hackers to break into Internet Explorer, Firefox and Safari and Chrome, with cash prizes for each plus a laptop.

The rules for the challenge  are tough, however. To win the $20,000 offered by Google the exploit has to be completed on the first day of the 3-day competition and has to escape the Chrome sandbox to access the rest of the system. The exploit also has to make use of a vulnerability that is within pure Google code - if the trick is to use someone else's weak code to get into Chrome then it doesn't qualify for the big prize. 

 

chrome

On days 2 and 3 of the competition you can still win  $10,000 and in this case you can use problems with non-Google code. Google is also offering $10,000 for a Chrome bug.  Throughout the contest the use of plug-in vulnerabilities is prohibited - that would be too easy.

This is the second year that Google has offered the prize and in last year's contest it was the only browser left unhacked.  If the competitors find a flaw then they have to keep it to themselves until Google decides to tell the world about it.

If there is no successful hack what exactly does this prove? Google will no doubt tell everyone that Chrome is extraordinarily secure but in the real world the attack wouldn't be constrained to a short period of time and it would make use of non-Google code and plug-ins are well known for being flaky.

So fun - yes, but realistic - no.

Registration for the contest closes on 15 February. For full rules and to enter see the Tipping Point's announcement. 

Banner


Ruby On Rails Adds Kamal And Thruster Support
17/12/2024

Ruby on Rails 8 has been released. The new version comes preconfigured with Kamal 2 for application deployment, a new proxy called Thruster, and a trio of SQLite database-backed adapters named Solid C [ ... ]



Azure Container Apps Dynamic Sessions Generally Available
02/12/2024

Dynamic Session support has been added to Azure Container Apps. Azure Container Apps is a serverless platform for running containerized applications, and dynamic sessions is designed to provide fast a [ ... ]


More News

Last Updated ( Tuesday, 28 February 2012 )