Find a Chrome Bug or Vulnerability and Win Money
Article by George Norman
On 01 Feb 2010
At PWN2OWN last year, the only browser to stand up and not get cracked was Google’s Chrome. Microsoft’s IE8, Apple’s Safari and Mozilla’s Firefox were all hacked into, but Google’s Chrome browser stood its ground. That is not because Chrome is free of bugs and security vulnerabilities; it’s just that exploiting these vulnerabilities is pretty hard. At least that’s what Charlie Miller said back then.

Speaking of bugs and vulnerabilities, the Mountain View-based search engine giant has launched an interesting invitation to all security experts out there. Basically the company wants security experts to take a look at Chrome or Chromium (the open source code used as the foundation of Chrome) and see if they can uncover any bug or security vulnerability. If they do find something, they will be awarded money, between $500 and $1337 (funny). The amount of money depends on the severity of the vulnerability.


“We are introducing an experimental new incentive for external researchers to participate. We will be rewarding select interesting and original vulnerabilities reported to us by the security research community. For existing contributors to Chromium security — who would likely continue to contribute regardless — this may be seen as a token of our appreciation. In addition, we are hoping that the introduction of this program will encourage new individuals to participate in Chromium security. The more people involved in scrutinizing Chromium's code and behavior, the more secure our millions of users will be. Any bug filed through the Chromium bug tracker (under the template "Security Bug") will qualify for consideration,” announced Google Chrome Security team member, Chris Evans.

This initiative is also meant to deter irresponsible vulnerability disclosure. If a security expert manages to uncover a security hole in Chrome or Chromium, I’m sure he’d much rather get the money than reveal it to the world. Making security vulnerabilities public before Google has had a chance to fix them is irresponsible behavior, as malicious hackers could exploit the vulnerability while it remains unpatched.

I’m talking about whitehat hackers here. They might be tempted to make an honest buck this way. Blackhat hackers will definitely not see $500 as an incentive, not when a serious browser 0-day exploit that can allow execution of malware goes for much more than that on the black market.

It should be said that Google’s initiative is not original. The folks over at Mozilla have had the Mozilla Security Bug Bounty Program in place for quite some time; the program rewards those who report valid critical security bugs with a $500 (US) cash reward and a Mozilla T-shirt.

Tags: Google, Chrome, Chromium, Security
About the author: George Norman
George is a news editor.