Google increases rewards for bug and exploit finding

Share this article:

To keep the exploits flowing in, Google announced this week that it plans to raise the prizes at its next Pwnium competition, to be held at the upcoming Hack in the Box conference in Malaysia.

In addition, it is upping the bounties it pays researchers who discover vulnerabilities in Chromium, the open-source framework on which the Chrome web browser is based.

For Pwnium, Google is ready to hand out $2 million in payoffs at the Oct. 10 event, including $60,000 for researchers who pull off a "full Chrome exploit," which involves an attack that leverages only vulnerabilities in the Chrome browser. The internet giant also is giving away $50,000 for a "partial Chrome exploit," which requires the use of bugs in third-party software.

"Exploits should be demonstrated against the latest stable version of Chrome," Google software engineer Chris Evans wrote in a Wednesday blog post. "Chrome and the underlying operating system and drivers will be fully patched and running on an Acer Aspire V5-571-6869 laptop (which we'll be giving away to the best entry.) Exploits should be served from a password-authenticated and HTTPS Google property, such as App Engine. The bugs used must be novel i.e. not known to us or fixed on trunk. Please document the exploit."

Google launched the Pwnium contest in March at the CanSecWest hacker conference in Vancouver, at which it offered $1 million in prizes.

As for Chromium vulnerability discoveries, Google also announced it is adding $1,000 to its base bounty, which usually nets recipients about $500.

Evans, in separate blog post, said the company is augmenting the reward because it has noticed a dip in submissions to the bounty program, which launched in January 2010.

"This signals to us that bugs are becoming harder to find, as the efforts of the wider community have made Chromium significantly stronger," he wrote.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Hackers grab email addresses of CurrentC pilot participants

Hackers grab email addresses of CurrentC pilot participants

Although the hack didn't breach the mobile payment app itself, consumer confidence may be shaken.

Operators disable firewall features to increase network performance, survey finds

Operators disable firewall features to increase network performance, ...

McAfee found that 60 percent of 504 surveyed IT professionals prioritize security as the primary driver of network design.

PCI publishes guidance on security awareness programs

PCI publishes guidance on security awareness programs

The guidance, developed by a PCI Special Interest Group, will help merchants educate staff on protecting cardholder data.