Google Will Offer $1 Million In Rewards For Hacking Chrome In Contest

[amerriaz]

For the last three years, Google’s Chrome browser has left the world’s premiere hacking competition unscathed, even as Firefox, Internet Explorer and Safari have all been taken down by the assembled security researchers. So this year, Google is offering hackers a million reasons to re-focus their efforts.

Google announced Monday evening that it’s offering up to a million dollars in rewards at the annual Pwn2Own hacking contest, which takes place next week at the CanSecWest security conference in Vancouver. Hackers don’t necessarily need to target Chrome to win a chunk of that money: Google is paying $20,000 to any participant who can exploit hackable bugs in Windows, Flash, or a device driver, security problems that would affect users of all browsers. But for hacks that include flaws specific to Chrome, Google will pay $40,000 each, and for those that exploit only bugs in Chrome, the company will shell out $60,000, up to its million dollar limit.

In fact, Google’s rewards may end up dwarfing those offered by the contest’s official organizers, the Hewlett-Packard-owned Zero Day Initiative. HP plans to offer $60,000 to the first place winner, $35,000 to the second, and $15,000 to the third place contestant, using a point system to determine those placements.

And why is Google willing to pay seven figures to see its browser taken apart in public? Because, the company explains in a blog post, the annual hacking contest offers a chance to test Chrome’s mettle against some of the world’s most innovative hackers in a setting where any new flaws can be identified and patched. In return for its rewards, Google demands any winning researcher submit the details of the exploited flaws to its security team, a condition that ZDI doesn’t impose on the winning hackers. ”Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing,” Chrome security engineers Chris Evans and Justin Schuh write. “This enables us to better protect our users.”

Pwn2Own isn’t the only time researchers can be paid for digging up security flaws in Chrome. Like other companies including Mozilla and Facebook, Google offers “bug bounties” to researchers, and its flaw-buying program has given out more than $300,000 in payments over the last two years.

Since Chrome first appeared as a target in the Pwn2Own contest in 2009, participating hackers haven’t even tried to exploit the browser, focusing instead on the array of other software and devices laid out as the contest’s victims. Because security exploits are usually developed well ahead of the contest, that’s a sign that none of the researchers could find a chink in Chrome’s armor–its security features include sandboxing, which limits the access of an exploit to the rest of a user’s PC and “just-in-time hardening” that prevents javascript on websites from executing commands on the user’s machine.

Even when Google offered an extra $20,000 to anyone who could hack its browsers last year, no one took up the challenge. That result provides great marketing fodder, but Google says it’s more eager to expose bugs in its code–hence this year’s massive payouts. “While we’re proud of Chrome’s leading track record in past competitions, the fact is that not receiving exploits means that it’s harder to learn and improve,” Evans and Schuh write. “To maximize our chances of receiving exploits this year, we’ve upped the ante.”

SOURCE
SOURCE

amerriaz Reviewed by amerriaz on 28th Feb 2012. Google Will Offer $1 Million In Rewards For Hacking Chrome In Contest For the last three years, Google’s Chrome browser has left the world’s premiere hacking competition unscathed, even as Firefox, Internet Explorer and Safari have all been taken down by the assembled security researchers. So this year, Google is offering hackers a million reasons to re-focus their efforts. Google announced Monday evening that it’s offering up to a million dollars in rewards at the annual Pwn2Own hacking contest, which takes place next week at the CanSecWest security Rating: 5

[foxman]

Ok Hackers of KWWH, Book your tickets to Vancouver.

[barrix]

Good luck KWWH hackers!

[outbreak]

There is one big exploit on all browsers, and that is password management.
If you saved one of your passwords in a browser, I could simply extract it within seconds, but they aren't doing anything to change that.

[b1gj4v]

let the battle begin

[Spartan]

Thats a great news ! Good Luck Buddies