News

Google Offers $20,000 To Hack Chrome

Google is looking to reward those who can find a vulnerability in its Chrome browser.

Software companies tend to dissuade users from finding and broadcasting exploits, but Google will pay $20,000 for a skilled hack at the Pwn2Own 2011 event, being held March 9-11. Organized by security software company TippingPoint, Pwn2Own is an annual computer hacking contest held during the CanSecWest security conference in Vancouver, BC.

Cash prizes for hacks have been offered in the past by TippingPoint, but this year marks a first for third-party sponsorship -- namely by Google.

"Kudos to the Google security team for taking the initiative to approach us on this; we're always in favor of rewarding security researchers for the work they too-often do for free," wrote Aaron Portnoy, manager of the security research team at TippingPoint, in a released statement.

Google may be feeling somewhat confident in putting up the money. Last year, its Chrome browser was the only browser to withstand hackers' attempts to find vulnerabilities. Internet Explorer, Firefox and Safari were not so lucky.

To be considered a successful vulnerability discovery, hackers must compromise the browser using a sandbox escape (only exploiting Google-generated code in its browser) on a Windows 7 machine. Along with the $20,000 prize, the company will also award the winner its first version of the Google Chrome OS laptop, the CR-48.

All told, including Google's prize money, Pwn2Own organizers will be offering a total of $125,000 in prize money to those who can find flaws in the aforementioned Web browsers, as well as holes in the following mobile phone OSes: Windows Phone 7, Apple iOS, BlackBerry 6 OS and Google Android OS.

Hackers will have strict requirements in discovering a vulnerability in the mobile phone OSes.

"A successful attack against these devices must require little to no user interaction and must compromise useful data from the phone," Portnoy wrote. "Any attack that can incur cost upon the owner of the device (such as silently calling long-distance numbers, eavesdropping on conversations, and so forth) is within scope."

For more information on Pwn2Own and the CanSecWest 2011 convention, click here.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

  • Report: Cost, Sustainability Drive DaaS Adoption Beyond Remote Work

    Gartner's 2025 Magic Quadrant for Desktop as a Service reveals that while secure remote access remains a key driver of DaaS adoption, a growing number of deployments now focus on broader efficiency goals.

  • Windows 365 Reserve, Microsoft's Cloud PC Rental Service, Hits Preview

    Microsoft has launched a limited public preview of its new "Windows 365 Reserve" service, which lets organizations rent cloud PC instances in the event their Windows devices are stolen, lost or damaged.

  • Hands-On AI Skills Now Outshine Certs in Salary Stakes

    For AI-related roles, employers are prioritizing verifiable, hands-on abilities over framed certificates -- and they're paying a premium for it.

  • Roadblocks in Enterprise AI: Data and Skills Shortfalls Could Cost Millions

    Businesses risk losing up to $87 million a year if they fail to catch up with AI innovation, according to the Couchbase FY 2026 CIO AI Survey released this month.