Google offers $20,000 for a Chrome hack
Written by Harry Fairhead   
Thursday, 03 February 2011

Google offers $20,000 for a Chrome exploit, but is it a fair test? In the real world the rules of hacking aren't quite so controlled.

Most programmers just wait for their loyal users to report bugs and security problems, but Google is so confident that its Chrome browser is watertight that it is offering a bounty of $20,000 to anyone who can hack into it.

The bounty is being offered as part of the annual  Pwn2Own contest which invites hackers to break into Internet Explorer, Firefox and Safari and Chrome, with cash prizes for each plus a laptop.

The rules for the challenge  are tough, however. To win the $20,000 offered by Google the exploit has to be completed on the first day of the 3-day competition and has to escape the Chrome sandbox to access the rest of the system. The exploit also has to make use of a vulnerability that is within pure Google code - if the trick is to use someone else's weak code to get into Chrome then it doesn't qualify for the big prize. 

 

chrome

On days 2 and 3 of the competition you can still win  $10,000 and in this case you can use problems with non-Google code. Google is also offering $10,000 for a Chrome bug.  Throughout the contest the use of plug-in vulnerabilities is prohibited - that would be too easy.

This is the second year that Google has offered the prize and in last year's contest it was the only browser left unhacked.  If the competitors find a flaw then they have to keep it to themselves until Google decides to tell the world about it.

If there is no successful hack what exactly does this prove? Google will no doubt tell everyone that Chrome is extraordinarily secure but in the real world the attack wouldn't be constrained to a short period of time and it would make use of non-Google code and plug-ins are well known for being flaky.

So fun - yes, but realistic - no.

Registration for the contest closes on 15 February. For full rules and to enter see the Tipping Point's announcement. 

Banner


JetBrains Upsource
14/08/2014

A browser-based code viewer designed to be a team developer tool has been released in an early access program by JetBrains.



PHP Gets A Formal Specification
31/07/2014

Given how important PHP is in terms of its use, it is very surprising to learn that it only now is getting a formal specification after 20 years of use. 


More News

Last Updated ( Tuesday, 28 February 2012 )
 
 

   
RSS feed of news items only
I Programmer News
Copyright © 2014 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.