Google to offer up $3.14159 million if you can crack Chrome OS

Google quite frequently offers up cash to those who can find security holes in its software, and if you are headed to Pwnium this year, you can walk away with a serious amount of cash.

Google is offering up $3.14159 million to anyone able to hack the Chrome OS. Now, they will not be giving this amount to one individual but will be offering up a piece of that Pi to anyone who can find and exploit a flaw in Chrome OS via a web page.

Google will be giving out $110,000 for each temporary compromise or $150,000 for each compromise that is able to survive a reboot of the machine. One stipulation is that the flaw must be executed on a Samsung 550 Chromebook that is using a WiFi connection

For Google, while this may sound expensive, it's actually a cheap way to have someone else do your security work and find holes before they are uncovered in the wild and executed. While this is not a lazy approach as Google has a security team working on the OS, no single entity is perfect. By crowdsourcing its security efforts alongside its internal procedures, it helps to make the OS more secure which is a benefit to the end user.

The Pwnium contest will take place in Vancouver in March

Source: Yahoo

Report a problem with article
Previous Story

Next gen Xbox GPU specs reportedly leak

Next Story

Microsoft's Windows business lead on Windows 8 sales: "It's a solid start" [Update]

44 Comments

View more comments

billyea said,
And after you've hacked the OS, you can do things like... like...
.... brb, looking up what you can do on Chrome OS

If I was able to crack the OS..... I could not care less to do something with it; I would focus to what to do with the money I got....

techbeck said,

I was responding to someone who said he was going ot look at what Chrome OS can do. So I provided him with a link. So I am staying on topic and discussing Chrome OS.

We all know your distaste towards Google and a lot of Google threads, you have to bring Windows in to it. Again, this thread is NOT about Windows and what people think about it. It is about Chrome...period.

Indeed; we all have our own preferences but this kind of wining, especially on a site like Neowin, is even detrimental to the subject is supposed to support.

I think this comment chain needs to be cleaned up.

Yes, I was poking fun at Chrome OS, but after being provided with a legitimate response, I gave a legitimate thanks. You know, because I love tech and I'm willing to learn more about Chrome OS (even though I don't think it's all that good).

nohone said,


But it says there are 1000s of apps! Of course, when there are only 150,000 on the Windows Phone app store (released October 2010) and over 40,000 for the Win8 store (released October 2012). And we know how bad those app stores are - people here on Neowin like to tell us all the time. But Chrome OS has 1000s since Nov. 2009. Yep, the Windows Phone and Windows8 ecosystems, they are bad and you cannot do anything with those devices. But Chrome, you can do anything you want and it will revolutionize the world.

Oh, and I love how WinRT is supposedly confusing to people, but naming your web browser (the thing that runs on PCs) Chrome, naming your OS for a limited number of devices Chrome, and naming the computers Chromebook and Chromebox - that is in no way confusing and people will immediately know the differences.

I like how you got all of that from a link that Techbeck posted. No one in this thread, or on this page for that matter, were making those types of claims. Like, no one made off like Chrome is going to revolutionize the world, or that the Windows ecosystem was bad.

So I have to ask. Who are you arguing with?

Choto Cheeta said,
Where can i download the chrome os and can I install it in my PC

Where can I download and install OSX or Windows 8 RT to install in my PC ?

Kalint said,
How cool would that be if Google gave them actual pie instead!

Anyone who cracks any code, never gets pie.

Thats great an all, but what happens when a rogue website dev says, "hey hacker, I'll give you 200k for the exploit if you don't disclose it to google"

Some random hacker is really going to offer $200k for an exploit... on a system that barely has any marketshare... read: Targets... read: chance to make investment back?

I doubt you'd get 200k for a Windows/iPhone/Android zero day... although It'd be nice to know how much a zero-day actually does go for.

If the money is right, people will try. 3mil is a lot of money.

read the article.
it is "only" $150k for an exploit that would have to exploit a flaw in the browser, exploit a flaw in the sandbox, and exploit another flaw to persist after restart.

that's a lot of work for a team of skilled hackers. Several months of work with no guarantee of success.

even attacking Windows RT with a browser flaw has never been done before, despite the fact that it is similar to Windows x86.

You said yourself, that Chrome OS has been out for 2yrs or so. Considering that, there is plenty of time for hackers to fool around with Chrome OS and find a way to crack it. Hackers are not going to wait for Google to announce a payment and I am sure someone has been messing with Chrome already. Just like every year when the contest between Windows/iOS/Linux comes out...some take days to crack (if at all) and some take 10 minutes. And these systems are updated with the latest patches/security fixes before the contest.

two years of existence, and still 0.0x% of market share.
I don't think there are many skilled hackers wasting their time on it when they can earn a lot of money with other platforms.

btw, at hacking contests, when someone hacks a system in 5 minutes, that's because he had the exploit code ready before coming to the contest.
it takes rather 5 months than 5 minutes to identify a 0day flaw, and develop an exploit that can bypass ASLR, DEP and the browser sandbox.

Commenting is disabled on this article.