Google offers 1 million dollars to Chrome hackers

SAN FRANCISCO: -- Google is offering hackers 1 million dollars in prize money to find and exploit new security flaws in its Chrome web browser, the company said Tuesday.

Under the terms of the offer, the web software giant will pay 60,000 dollars for any "full Chrome exploit" that allows malicious hackers to take over a users’ computer via a bug solely in the company’s web browser. The hackers must make available the full details of the exploit to Google in order to qualify for the prize, and must not have released details of the exploit to anyone else, the Google Chrome security team announced in a late Monday blog posting.

In addition, Google will pay 40,000 dollars to anyone whose new exploit relies on a bug in Chrome in conjunction with a flaw in Windows 7, and will offer 20,000 to those who uncover a previously unknown bug in Windows 7. It will pay these sums for every new exploit it receives until the 1 million dollar limit is reached.

"The aim of our sponsorship is simple: we have a big learning opportunity when we receive full end-to-end exploits," said Google’s Chrome security. "Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users."

-- The Nation 2012-02-29

This is great! I have so many exploits ready to sell

Crowd sourcing application development is the future.

Great idea.

This is a cheap way for Google to try to control hacks of Chrome. In many cases hackers post their hack details on the internet which allows others to try their luck. It also means that Google has to very quickly plug the hacked leak.

By offering money to keep the hacks quiet, Google has more time to fix the leak, keep it away from other hackers & boast that Chrome is safe.

Also, the headline is totally misleading as the most a hacker can get is $60,000.

Anonymous will do it for free, hack & crash that is

Identify them, pay them then pass their details on to the police, good move.

Anonymous will do it for free, hack & crash that is

good on yer you sound like a w*****hker

Anonymous will do it for free, hack & crash that is

But I doubt that Anonymous will not publish the hack, thusly giving up the $60k, for each bug.

HP did something similar in the 70's with their Access timeshare machine. HP was sure the bugs were sqaushed, so they gave a system to a school and offered $150 for each bug the students found. At $100k, HP pulled the plug on the bug hunt.

You got to admire the inquitiveness and the tenacity of kids.

Anonymous will do it for free, hack & crash that is

good on yer you sound like a w*****hker

Wow name calling for stating something obvious. I guess I've learnt my lesson now

Anonymous will do it for free, hack & crash that is

But I doubt that Anonymous will not publish the hack, thusly giving up the $60k, for each bug.

HP did something similar in the 70's with their Access timeshare machine. HP was sure the bugs were sqaushed, so they gave a system to a school and offered $150 for each bug the students found. At $100k, HP pulled the plug on the bug hunt.

You got to admire the inquitiveness and the tenacity of kids.

Oh no doubt, hence why I said they would do it for free.

This is a cheap way for Google to try to control hacks of Chrome. In many cases hackers post their hack details on the internet which allows others to try their luck. It also means that Google has to very quickly plug the hacked leak.

By offering money to keep the hacks quiet, Google has more time to fix the leak, keep it away from other hackers & boast that Chrome is safe.

Also, the headline is totally misleading as the most a hacker can get is $60,000.

I read $100,000.....

This may be a fresh story but hardly new. Google have been offering these kind of deals for years.

As for whoevers comment of Google paying and passing onto the police... There is nothing illegal about hacking in these terms, presuming you are accessing your own machines.

This may be a fresh story but hardly new. Google have been offering these kind of deals for years.

As for whoevers comment of Google paying and passing onto the police... There is nothing illegal about hacking in these terms, presuming you are accessing your own machines.

No but where there's smoke there's usually fire and it's not likely one who gets really good at hacking does it without implementing it right? Likely if they were investigated independent of Google due to an "anonymous" tip they'd find some closeted skeletons...

This may be a fresh story but hardly new. Google have been offering these kind of deals for years.

As for whoevers comment of Google paying and passing onto the police... There is nothing illegal about hacking in these terms, presuming you are accessing your own machines.

No but where there's smoke there's usually fire and it's not likely one who gets really good at hacking does it without implementing it right? Likely if they were investigated independent of Google due to an "anonymous" tip they'd find some closeted skeletons...

There are some white hat "hackers" that do try to keep the coders honest.

As the one guy found out, Apple wasn't amused at his demo of an exploit that he found and alerted Apple to, only to be ignored. So he published it at the iTunes store (Apple approved for distribution) then he announced the flaw.

Apple banned him for a year.

The thinking at a coding company is often constrained by management or company culture. Users in the wild have no such constraints and often find what others are forced to ignore.

This may be a fresh story but hardly new. Google have been offering these kind of deals for years.

As for whoevers comment of Google paying and passing onto the police... There is nothing illegal about hacking in these terms, presuming you are accessing your own machines.

No but where there's smoke there's usually fire and it's not likely one who gets really good at hacking does it without implementing it right? Likely if they were investigated independent of Google due to an "anonymous" tip they'd find some closeted skeletons...

There are some white hat "hackers" that do try to keep the coders honest.

As the one guy found out, Apple wasn't amused at his demo of an exploit that he found and alerted Apple to, only to be ignored. So he published it at the iTunes store (Apple approved for distribution) then he announced the flaw.

Apple banned him for a year.

The thinking at a coding company is often constrained by management or company culture. Users in the wild have no such constraints and often find what others are forced to ignore.

Maybe but how would one find such a weakness if they didn't go LOOKING for it? And if they never practice their black art?

It's like saying I broke into your bank account to let you know it wasn't safe!

This may be a fresh story but hardly new. Google have been offering these kind of deals for years.

As for whoevers comment of Google paying and passing onto the police... There is nothing illegal about hacking in these terms, presuming you are accessing your own machines.

No but where there's smoke there's usually fire and it's not likely one who gets really good at hacking does it without implementing it right? Likely if they were investigated independent of Google due to an "anonymous" tip they'd find some closeted skeletons...

There are some white hat "hackers" that do try to keep the coders honest.

As the one guy found out, Apple wasn't amused at his demo of an exploit that he found and alerted Apple to, only to be ignored. So he published it at the iTunes store (Apple approved for distribution) then he announced the flaw.

Apple banned him for a year.

The thinking at a coding company is often constrained by management or company culture. Users in the wild have no such constraints and often find what others are forced to ignore.

Maybe but how would one find such a weakness if they didn't go LOOKING for it? And if they never practice their black art?

It's like saying I broke into your bank account to let you know it wasn't safe!

This "hacking" is identical to whats known as "software testing", a respectable and well paid job.

Would you class drug trial volunteers as the same as heroin addicts?

Of course there are people who do the same with different motives but no need to categorise everyone......

No but where there's smoke there's usually fire and it's not likely one who gets really good at hacking does it without implementing it right? Likely if they were investigated independent of Google due to an "anonymous" tip they'd find some closeted skeletons...

There are some white hat "hackers" that do try to keep the coders honest.

As the one guy found out, Apple wasn't amused at his demo of an exploit that he found and alerted Apple to, only to be ignored. So he published it at the iTunes store (Apple approved for distribution) then he announced the flaw.

Apple banned him for a year.

The thinking at a coding company is often constrained by management or company culture. Users in the wild have no such constraints and often find what others are forced to ignore.

Maybe but how would one find such a weakness if they didn't go LOOKING for it? And if they never practice their black art?

It's like saying I broke into your bank account to let you know it wasn't safe!

This "hacking" is identical to whats known as "software testing", a respectable and well paid job.

Would you class drug trial volunteers as the same as heroin addicts?

Of course there are people who do the same with different motives but no need to categorise everyone......

Nope but being a good hacker is not unlike being a good detective in order to be really good and top in one's profession one is operating on the thin line between right and wrong and need to think just like a criminal or in this case hacker in order to catch one and occasionally some do slip over the line..