Hack A Chromebook for $100,000
Written by Alex Armstrong   
Tuesday, 22 March 2016

Google has doubled the reward payable for a persistent compromise of a Chromebook in guest mode. It has also introduced a new reward for bypassing Chrome's Safe Browsing download protection features.

Google's existing rewards for Chrome hacks are unchanged from when we last reported on them and, together with the new reward in its final line, are outlined in this table.

 High-quality report with
functional exploit [1]
High-quality report [2]Baseline [3]Low-quality report [4]
Sandbox Escape [5] $15,000 $10,000 $2,000 - $5,000 $500
Renderer Remote Code Execution $7,500 $5,000 $1,000 - $3,000 $500
Universal XSS (local bypass or equivalent) $7,500 $5,000 N/A N/A
Information Leak $4,000 $2,000 $0 - $1000 $0
Download Protection bypass [6] N/A $1,000 $0 - $500 $0


[1] A high-quality report with a reliable exploit that demonstrates that the bug reported can be easily, actively and reliably used against users.

[2] A report that includes a minimized test case and the versions of Chrome affected by the bug. You will also demonstrate that exploitation of this vulnerability is very likely (e.g. good control of EIP or another CPU register). Your report should be brief and well written with only necessary detail and commentary.

[3] A minimized test case or output from a fuzzer that highlights a security bug is present.

[4] A report submitted with only a crash dump, without a Proof of Concept (PoC) or with a poor quality PoC (e.g. a 1MB fuzz file dump with no attempt at reduction) that is later verified to be a legitimate issue.

[5] Escaping any layer of the sandbox (including the NaCl sandbox) will be considered as a sandbox escape.

[6] Landing a blacklisted test binary on disk where a typical user could execute it, on Mac or Windows. The file type on disk must lead to non-sandboxed code execution after minimal user interaction with the file. 


Google's Security Reward Program is successful both for Google and for security researchers as indicated that since it was initiated in 2010 over $6 million has been paid out to over 300 recipients with over 750 payouts totalling over $2 million last year.

 

googlebugbounty

 

However since Google introduced a reward of $50,000 for hacking a Chromebook no-one has made a successful submission - prompting Google to double the amount of money on offer to $100,000. This is available all year round with no quotas and no maximum reward pool for compromising a Chromebook or Chromebox with device persistence in guest mode (i.e. guest to guest persistence with interim reboot, delivered via a web page). 

This increased reward is a reflection of the fact that Chrome is getting harder to hack. It came out as the most secure web browser at last week's Pwn2Own. One attack on it failed and while another was successful it used a  vulnerability that had already been reported.   

 

 

Banner


Java SE 13 Reaches GA
24/09/2019

Oracle has announced the general availability of Java Standard Edition 13 (Java SE 13) along with the open source version, Java Development Kit 13 (JDK 13). The announcement was made at Oracle OpenWor [ ... ]



Cloudera Extends Apache HBase To Use Amazon S3
04/10/2019

Cloudera has updated Cloudera Data Platform to provide a way for Apache HBase deployments to use Amazon Simple Storage Service (S3) as its main persistence layer for saving table data.


More News

 

graphics

 



 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Tuesday, 22 March 2016 )