Home
World Update
Google offers hackers $1m to crack their web browser
Google offers hackers $1m to crack their web browser
CuteNaija
-
Tuesday, February 28, 2012
Web giant Google is offering a reward of $1 million to people who can engineer a fully functional exploit that punches a security hole in its Chrome web browser.
The search giant has once again chosen the Cansecwest security conference to announce the competition, noting that developing a fully functional exploit is “significantly more work” than finding and reporting a potential security bug.
Posting on the Google Chrome Security Blog, Chris Evans and Justin Schuh from the Google Chrome Security Team explained that the aim of the sponsorship is simple. They said, “We have a big learning opportunity when we receive full end-to-end exploits. Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users.”
Somewhat perversely, the team added that the fact that Chrome is not receiving exploits means that it is actually harder to improve the platform. So to address this and maximise the chances of receiving exploits this year, the search company has dug deep to put up a cool $1 million worth of rewards. The top individual prize of $60,000 will be paid for a full Chrome exploit using only bugs in Chrome to deliver Windows 7 local OS user account persistence.
$40,000 is up for grabs for a partial Chrome exploit based on at least one bug in Chrome itself, plus other bugs. For example, a Webkit bug combined with a Windows sandbox bug.
Moving down the scale, Google will cough up a $20,000 “Consolation reward” for an exploit that does not actually use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver.
All winners will also receive a Chromebook.
“We will issue multiple rewards per category, up to the $1 million limit, on a first-come-first served basis. There is no splitting of winnings or “winner takes all.” We require each set of exploit bugs to be reliable, fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely “0-day,” i.e. not known to us or previously shared with third parties. Contestant’s exploits must be submitted to and judged by Google before being submitted anywhere else,” the company explained Click to signup for FREE news updates, latest information and hottest gists everyday
Advertise on NigerianEye.com to reach thousands of our daily users
Subscribe to:
Post Comments
(
Atom
)
No comments
Post a Comment
Kindly drop a comment below.
(Comments are moderated. Clean comments will be approved immediately)
Advert Enquires - Reach out to us at NigerianEye@gmail.com