Guestpost:$60,000 to Whoever Can Exploit Chrome: from Google february 2012
While
both Safari and IE collapsed under the pressure from hackers at last
year's Pwn2Own contest, not one person was able to crack Chrome. This
year, Google's sweetening the pot with a million dollars in prizes to
successful exploiters.
In fact, Chrome is the only browser in the contest's six year history to not be exploited—like, at all. Therefore Google will hand out prizes of $60,000, $40,000, and $20,000 for contestants able to remotely commandeer a fully-patched browser running on Windows 7. Finding a "Full Chrome Exploit," obtaining user account persistence using only bugs in the browser itself will net the $60k prize. Using webkits, flash, or a driver-based exploit can only earn the lesser amounts.
"While we're proud of Chrome's leading track record in past competitions, the fact is that not receiving exploits means that it's harder to learn and improve," wrote members of the Google Chrome security team in a post on Monday. "To maximize our chances of receiving exploits this year, we've upped the ante. We will directly sponsor up to $1 million worth of rewards."
The company will not, however, sponsor the contest itself as it has in year's past. Google pulled its support after finding that recent rule changes allowed hackers to claim prize money without actually revealing the inner workings of the exploit to vendors. Which is kind of the entire point of these contests. [Chromium Blog via Ars Technica]
Image: Pedro Miguel Sousa / Shutterstock
In fact, Chrome is the only browser in the contest's six year history to not be exploited—like, at all. Therefore Google will hand out prizes of $60,000, $40,000, and $20,000 for contestants able to remotely commandeer a fully-patched browser running on Windows 7. Finding a "Full Chrome Exploit," obtaining user account persistence using only bugs in the browser itself will net the $60k prize. Using webkits, flash, or a driver-based exploit can only earn the lesser amounts.
"While we're proud of Chrome's leading track record in past competitions, the fact is that not receiving exploits means that it's harder to learn and improve," wrote members of the Google Chrome security team in a post on Monday. "To maximize our chances of receiving exploits this year, we've upped the ante. We will directly sponsor up to $1 million worth of rewards."
The company will not, however, sponsor the contest itself as it has in year's past. Google pulled its support after finding that recent rule changes allowed hackers to claim prize money without actually revealing the inner workings of the exploit to vendors. Which is kind of the entire point of these contests. [Chromium Blog via Ars Technica]
Image: Pedro Miguel Sousa / Shutterstock
Comments