News

Google Offers $20,000 To Hack Chrome

Google is looking to reward those who can find a vulnerability in its Chrome browser.

Software companies tend to dissuade users from finding and broadcasting exploits, but Google will pay $20,000 for a skilled hack at the Pwn2Own 2011 event, being held March 9-11. Organized by security software company TippingPoint, Pwn2Own is an annual computer hacking contest held during the CanSecWest security conference in Vancouver, BC.

Cash prizes for hacks have been offered in the past by TippingPoint, but this year marks a first for third-party sponsorship -- namely by Google.

"Kudos to the Google security team for taking the initiative to approach us on this; we're always in favor of rewarding security researchers for the work they too-often do for free," wrote Aaron Portnoy, manager of the security research team at TippingPoint, in a released statement.

Google may be feeling somewhat confident in putting up the money. Last year, its Chrome browser was the only browser to withstand hackers' attempts to find vulnerabilities. Internet Explorer, Firefox and Safari were not so lucky.

To be considered a successful vulnerability discovery, hackers must compromise the browser using a sandbox escape (only exploiting Google-generated code in its browser) on a Windows 7 machine. Along with the $20,000 prize, the company will also award the winner its first version of the Google Chrome OS laptop, the CR-48.

All told, including Google's prize money, Pwn2Own organizers will be offering a total of $125,000 in prize money to those who can find flaws in the aforementioned Web browsers, as well as holes in the following mobile phone OSes: Windows Phone 7, Apple iOS, BlackBerry 6 OS and Google Android OS.

Hackers will have strict requirements in discovering a vulnerability in the mobile phone OSes.

"A successful attack against these devices must require little to no user interaction and must compromise useful data from the phone," Portnoy wrote. "Any attack that can incur cost upon the owner of the device (such as silently calling long-distance numbers, eavesdropping on conversations, and so forth) is within scope."

For more information on Pwn2Own and the CanSecWest 2011 convention, click here.

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Vendors Issue Patches for Linux Container Runtime Flaw Enabling Host Attacks

    This week, the National Institute of Standards and Technology (NIST) described a high-risk security vulnerability (CVE-2019-5736) for organizations using containers that could lead to compromised host systems.

  • Windows 10 Version 1809 Users May Get Visual Studio Crashes

    Microsoft on Friday issued an advisory for Windows 10 version 1809 users about possible Visual Studio crashes.

  • Standardizing the Look of Outlook's Outbound Messages

    Microsoft typically gives users a blank canvas to compose new e-mails in Outlook. In some corporate environments, however, a blank canvas isn't a good thing.

  • Windows 10 'Semiannual Channel Targeted' Goes Away This Spring

    Microsoft plans to slightly alter its Windows servicing lingo and management behavior with its next Windows 10 operating system feature update release, coming this spring.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.