Google offers $20,000 for a Chrome hack
Written by Harry Fairhead   
Thursday, 03 February 2011

Google offers $20,000 for a Chrome exploit, but is it a fair test? In the real world the rules of hacking aren't quite so controlled.

Most programmers just wait for their loyal users to report bugs and security problems, but Google is so confident that its Chrome browser is watertight that it is offering a bounty of $20,000 to anyone who can hack into it.

The bounty is being offered as part of the annual  Pwn2Own contest which invites hackers to break into Internet Explorer, Firefox and Safari and Chrome, with cash prizes for each plus a laptop.

The rules for the challenge  are tough, however. To win the $20,000 offered by Google the exploit has to be completed on the first day of the 3-day competition and has to escape the Chrome sandbox to access the rest of the system. The exploit also has to make use of a vulnerability that is within pure Google code - if the trick is to use someone else's weak code to get into Chrome then it doesn't qualify for the big prize. 

 

chrome

On days 2 and 3 of the competition you can still win  $10,000 and in this case you can use problems with non-Google code. Google is also offering $10,000 for a Chrome bug.  Throughout the contest the use of plug-in vulnerabilities is prohibited - that would be too easy.

This is the second year that Google has offered the prize and in last year's contest it was the only browser left unhacked.  If the competitors find a flaw then they have to keep it to themselves until Google decides to tell the world about it.

If there is no successful hack what exactly does this prove? Google will no doubt tell everyone that Chrome is extraordinarily secure but in the real world the attack wouldn't be constrained to a short period of time and it would make use of non-Google code and plug-ins are well known for being flaky.

So fun - yes, but realistic - no.

Registration for the contest closes on 15 February. For full rules and to enter see the Tipping Point's announcement. 

Banner


AWS Adds Support For Llama2 And Mistral To SageMaker Canvas
12/03/2024

As part of its effort to enable its customers to use generative AI for tasks such as content generation and summarization, Amazon has added these state of the art LLMs to SageMaker Canvas.



Flox Releases Flox Hub
13/03/2024

Flox has announced that its Command Line Interface (CLI) and FloxHub are now generally available. The CLI is open source and FloxHub is free for anyone to use.


More News

Last Updated ( Tuesday, 28 February 2012 )