This year at the CanSecWest security conference, Google will once again sponsor rewards for Google Chrome exploits. This complements and extends Google’s Chromium Security Rewards program by recognizing that developing a fully functional exploit is significantly more work than finding and reporting a potential security bug.
This sponsorship will help Google study the vulnerability and exploit techniques adapted by hackers to help protect in future versions of the browser. Google has come up with over $1 Million in rewards broken down into the categories below:
- $60,000 – “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.
- $40,000 – “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.
- $20,000 – “Consolation reward, Flash / Windows / other”: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser.
All winners will also receive a Chromebook.
We will issue multiple rewards per category, up to the $1 million limit, on a first-come-first served basis. There is no splitting of winnings or “winner takes all.” We require each set of exploit bugs to be reliable, fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely “0-day,” i.e. not known to us or previously shared with third parties. Contestant’s exploits must be submitted to and judged by Google before being submitted anywhere else.
It is very safe to say that Google is very serious about its browser offering as recently Google Chrome surpassed Firefox with 27% of the worlds browser market share. What do you think of this and which browser do you feel safe to browser the web with?
Live us your comments…