Pwn2Own: Google Puts up $20,000 for Chrome Hack

Kara Reeder

With the CanSecWest security conference getting ready to kick off on March 9, information about awards for the Pwn2Own hacking contest is out.

 

This year's cash pot has risen to a whopping $125,000. According to Computerworld, Google will shell out $20,000 to the first researcher who successfully hacks its Chrome browser on the first day of the contest by exploiting two vulnerabilities in Google's code.

 

The first researchers to hack Internet Explorer, Firefox and Safari will pocket $15,000 plus the machine running the browser. As The H notes, Symbian has been dropped from the program this year.

 

Forbes reports that the mobile phones involved in Pwn2Own will include the iPhone 4, BlackBerry Torch, Dell Venue and Nexus S. A successful hack will land the researcher whatever device they managed to exploit.



Add Comment      Leave a comment on this blog post

Feb 3, 2011 1:04 AM Tim Acheson Tim Acheson  says:

this $20K meant to give people the impression that Google are confident in their software? $20K is peanuts! $20 thousand means they expect Chrome to have more security flaws. A serious figure, like $20 million, would convince me that they have a meaningful level of confidence in their product.

Reply
Feb 3, 2011 12:58 PM Tim Acheson Tim Acheson  says:

Offering a reward for identifying a "sandbox exploit" is a great PR stunt. But it's more impressive if you don't know what this really means.

In principle it's a good exercise. Corporations should put their money where their mouth is. Google probably will have to pay out at some point. It's only a few weeks since they fixed eleven important security vulnerabilities in the latest version of their Chrome web browser -- "three critical, seven high-risk, and one medium":

http://twitter.com/timacheson/status/33204767874359296

It troubles me that Google presumably knew about and quietly sat on these, for their own convenience, until they had all been fixed -- rather than prioritising or releasing each fix ASAP.

Chrome is nowhere near as popular as IE, so it's a good way of trying to give Chrome the levels of scrutiny already enjoyed by IE.

Reply

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 

Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data