Google offers $20,000 for a Chrome exploit, but is it a fair test? In the real world the rules of hacking aren't quite so controlled.
Most programmers just wait for their loyal users to report bugs and security problems, but Google is so confident that its Chrome browser is watertight that it is offering a bounty of $20,000 to anyone who can hack into it.
The bounty is being offered as part of the annual Pwn2Own contest which invites hackers to break into Internet Explorer, Firefox and Safari and Chrome, with cash prizes for each plus a laptop.
The rules for the challenge are tough, however. To win the $20,000 offered by Google the exploit has to be completed on the first day of the 3-day competition and has to escape the Chrome sandbox to access the rest of the system. The exploit also has to make use of a vulnerability that is within pure Google code - if the trick is to use someone else's weak code to get into Chrome then it doesn't qualify for the big prize.
On days 2 and 3 of the competition you can still win $10,000 and in this case you can use problems with non-Google code. Google is also offering $10,000 for a Chrome bug. Throughout the contest the use of plug-in vulnerabilities is prohibited - that would be too easy.
This is the second year that Google has offered the prize and in last year's contest it was the only browser left unhacked. If the competitors find a flaw then they have to keep it to themselves until Google decides to tell the world about it.
If there is no successful hack what exactly does this prove? Google will no doubt tell everyone that Chrome is extraordinarily secure but in the real world the attack wouldn't be constrained to a short period of time and it would make use of non-Google code and plug-ins are well known for being flaky.
So fun - yes, but realistic - no.
Registration for the contest closes on 15 February. For full rules and to enter see the Tipping Point's announcement.