When it comes to big companies and vulnerabilities in their systems, hackers can easily be ruled as the best paid freelancers ever. Google is just the latest to challenge hackers to put their minds to work to show vulnerabilities in the Chrome. And the incentive isn’t at all to be taken at ease. Google gives a $1 million incentive to hack their Chrome.
March 7 is the time for Google’s CanSecWest security conference and for its famous contest called Pwn2Own. Basically, hackers are invited to do their thing and then present vulnerabilities found in Google Chrome’s system. For that, the company will offer up to $1 million worth of monetary prizes.
As the Chromium blog writes, a Full Chrome exploit will bring the skilled hacker $60,000. Second place will take home $40,000 for a Partial Chrome exploit and last prize, the so called “Consolation reward, Flash / Windows/ other” will win $20,000.
The contest at hand isn’t exactly piece of cake. We’re talking about Google on top of everything. And Google has some serious requirements. First of all the prizes will be given “on a first-come-first served basis”. On top of that, the identified exploit bugs must “be reliable, fully functional end to end, disjoint, of critical impact, present in the last versions and genuinely ‘0-day’”.
As Google’s blog post reads, the aim of the contest is to study the vulnerabilities and “exploit techniques we can enhance our mitigations, automated testing and sandboxing”. All to the final extent of protecting users better.
The Pwn2Own contest isn’t at its first edition. Over the past six years, skilled hackers have presented vulnerabilities in everything from Internet Explorer to Safari, but Chrome. And as Google puts it, as proud as they are “of Chrome’s leading track record in past competitions, the fact is that not receiving exploits means that it’s harder to learn and improve”.
Arstehnica.com received an emailed statement from a Google spokeswoman that talked about the importance of identifying sandbox exploits. It reads: “sandbox escapes are very dangerous bugs so it is not in the best interests of user safety to have these kept secret…Our ultimate goal here is to make the web safer”.