Google bets $20K that Chrome can't be hacked

[Nomad_]

http://www.computerworld.com/s/article/9207939/Google_bets_20K_that_Chrome_can_t_be_hacked?taxonomyId=15

Google will pay $20,000 to the first researcher who successfully exploits its Chrome browser at this year's Pwn2Own hacking contest.

The award is the largest ever for the annual challenge, which will kick off for the fifth time at the CanSecWest security conference in Vancouver, British Columbia, on March 9.

At this year's Pwn2Own, researchers will pit exploits against machines running Windows 7 or Mac OS X as they try to bring down Microsoft's Internet Explorer, Mozilla's Firefox, Apple's Safari and Chrome.

The first researchers to hack IE, Firefox and Safari will receive $15,000 and the machine running the browser. The prizes are $5,000 more than those given for exploiting browsers at the last Pwn2Own contest, and three times more than the 2009 awards.

"We've upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000," said Aaron Portnoy, the manager of HP TippingPoint's security research team.

[SuperKid]

Someones feeling confident. But Google have worked there assess off on Chrome! We will see :D

[Nagisan]

Someones feeling confident. But Google have worked there assess off on Chrome! We will see :D

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

[Rudy]

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

That's pretty much what I was going to post lol

[Detection]

Yea, I cant see Chrome being un-hackable - 20k is cheaper for google than a security exploit that take down their browser and whoever is using it

[HeroDavies]

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

Isn't that the point of the contest in the first place? Meaning Google wouldn't have to put any money down at all if they weren't feeling confident.

[Jase]

This should be good!

[Nagisan]

Isn't that the point of the contest in the first place? Meaning Google wouldn't have to put any money down at all if they weren't feeling confident.

$20k is relatively cheap for Google, they are most likely using it as enticement to any potential attempts. It's like putting money down on any contest, you can watch it without putting any down, but I doubt the contest participants will refuse any more money than they have already been told they are getting.

Google putting money down on the contest will mean more people will attempt to hack Chrome, which means more exploits will be found than if they had not put any money down.

[still1]

If Google wins the bet its worth more than 20k for Google. They get more customers.

[grik]

Its a Win Win situation for Google.

I like this aproach rewarding testing efforts, its the way it should be. If they find a hack Chrome will be safer, if they dont find Chrome will be majorly adopted by the Geek?s and spreading the Word on the high skilled programers.

Im impressed google, good job.

[tiagosilva29]

Challenge accepted.

[iuerg87yerg879e0rg9erugjer]

so what do they have to hack in the browser to get the $20,000? because chrome is open source so hacking an open source program would make no sense for a competition though IE and firefox hacking comp sounds more like it...

[still1]

so what do they have to hack to get the $20,000? because chrome is open source...

Find a way to install virus or make it run remote code on the target PC.

You need to do this with the officially compiled chrome browser.

Edit: Say your edit Firefox is open source too.

[tomwarren Veteran]

Wow, pretty bold move.

[+Xinok Subscriber²]

The most difficult part of exploiting Chrome is the sandbox. I remember one of the participants last year was able to find exploits in the browser, but was unable to bypass the sandbox.

[xXTOKERXx]

Very interesting, but at what stage do they consider it hacked?

When you can capture details, when the browser is hijacked etc?

Also giving people time to start working their magic now ready for the "on the day" test?

Seems pretty interesting, wish I knew more about the components of browsers!

[Malisk]

Not surprised, given that it resides in a sandbox, even in Windows XP which doesn't support sandboxing natively.

That was the point when Google went "OK, so we'll make our own" unlike certain other companies. ;)

[Subject Delta]

This is Good. Not only does it show that Google has confidence in their product, it also shows that they are interested in making it even better.

[KeeperOfThePizza]

sometimes you gotta spend money in order to make money!

[Fluxii Media]

Epic move on google's part. Last i remembered chrome was the only browser last year to not get exploited.

[Tharp Daddy]

I imagine 20k is less than you would find lying on the floor in the Goggle HQ :laugh: . Cool to see they are confident in their product, though!

[Scorbing]

Someone will do it.

[Draconian Guppy]

this just in... Google pays 20k to anon hacker :p It's obvious why they're doing this, they'd rather pay upfront then lose market share

[Alladaskill17]

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

This.

[MrA]

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

There's a secondary benefit in that competitions like this bring out people that you might extend a job offer to. Google's hiring, and it's hard to find good people.