Google bets $20K that Chrome can't be hacked

By Nomad_
in Back Page News

 Share

Recommended Posts

Experienced

Nomad_

Posted
Posted

http://www.computerworld.com/s/article/9207939/Google_bets_20K_that_Chrome_can_t_be_hacked?taxonomyId=15

Google will pay $20,000 to the first researcher who successfully exploits its Chrome browser at this year's Pwn2Own hacking contest.

The award is the largest ever for the annual challenge, which will kick off for the fifth time at the CanSecWest security conference in Vancouver, British Columbia, on March 9.

At this year's Pwn2Own, researchers will pit exploits against machines running Windows 7 or Mac OS X as they try to bring down Microsoft's Internet Explorer, Mozilla's Firefox, Apple's Safari and Chrome.

The first researchers to hack IE, Firefox and Safari will receive $15,000 and the machine running the browser. The prizes are $5,000 more than those given for exploiting browsers at the last Pwn2Own contest, and three times more than the 2009 awards.

"We've upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000," said Aaron Portnoy, the manager of HP TippingPoint's security research team.

Grand Master

Nagisan

Posted
Posted

Someones feeling confident. But Google have worked there assess off on Chrome! We will see :D

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

Grand Master

Rudy

Posted
Posted

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

That's pretty much what I was going to post lol

Enthusiast

HeroDavies

Posted
Posted

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

Isn't that the point of the contest in the first place? Meaning Google wouldn't have to put any money down at all if they weren't feeling confident.

Grand Master

Nagisan

Posted
Posted

Isn't that the point of the contest in the first place? Meaning Google wouldn't have to put any money down at all if they weren't feeling confident.

$20k is relatively cheap for Google, they are most likely using it as enticement to any potential attempts. It's like putting money down on any contest, you can watch it without putting any down, but I doubt the contest participants will refuse any more money than they have already been told they are getting.

Google putting money down on the contest will mean more people will attempt to hack Chrome, which means more exploits will be found than if they had not put any money down.

Experienced

grik

Posted
Posted

Its a Win Win situation for Google.

I like this aproach rewarding testing efforts, its the way it should be. If they find a hack Chrome will be safer, if they dont find Chrome will be majorly adopted by the Geek?s and spreading the Word on the high skilled programers.

Im impressed google, good job.

Mentor

iuerg87yerg879e0rg9erugjer

Posted
Posted

so what do they have to hack in the browser to get the $20,000? because chrome is open source so hacking an open source program would make no sense for a competition though IE and firefox hacking comp sounds more like it...

Grand Master

still1

Posted
Posted

so what do they have to hack to get the $20,000? because chrome is open source...

Find a way to install virus or make it run remote code on the target PC.

You need to do this with the officially compiled chrome browser.

Edit: Say your edit Firefox is open source too.

Grand Master

+Xinok Subscriber²

Posted
  • Subscriber²
Posted

The most difficult part of exploiting Chrome is the sandbox. I remember one of the participants last year was able to find exploits in the browser, but was unable to bypass the sandbox.

Veteran

xXTOKERXx

Posted
Posted

Very interesting, but at what stage do they consider it hacked?

When you can capture details, when the browser is hijacked etc?

Also giving people time to start working their magic now ready for the "on the day" test?

Seems pretty interesting, wish I knew more about the components of browsers!

Grand Master

Malisk

Posted
Posted

Not surprised, given that it resides in a sandbox, even in Windows XP which doesn't support sandboxing natively.

That was the point when Google went "OK, so we'll make our own" unlike certain other companies. ;)

Grand Master

Alladaskill17

Posted
Posted

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

This.

Grand Master

MrA

Posted
Posted

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

There's a secondary benefit in that competitions like this bring out people that you might extend a job offer to. Google's hiring, and it's hard to find good people.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • Unofficial script lets you install unreleased Windows 11 features without Microsoft Account

      By hellowalkman · Posted

      Unofficial script lets you install unreleased Windows 11 features without Microsoft Account by Sayan Sen Microsoft has been steadily evolving the Windows Insider Program over the years, introducing new channels and testing paths that allow enthusiasts to experience upcoming and yet-to-be-released Windows features (some interesting hidden ones too) before they reach the public. However, one long-standing requirement has remained largely unchanged as users are generally expected to enroll in the Program and with a Microsoft account. That's where a third-party tool called "OfflineInsiderEnroll" can help. OfflineInsiderEnroll is said to be a lightweight script that enables access to Windows Insider Program builds on systems that are not signed in with a Microsoft account. Essentially the tool configures the necessary Insider settings locally and hence allows users to select and switch between available preview channels while continuing to receive builds through the normal Windows Update channel. If you are wondering how it manages to do so, it is made possible by a Registry value known as TestFlags. When configured to"0x20", Windows stops communicating with Microsoft's online Insider enrollment services thus preventing locally configured Insider settings from being overwritten. This allows the script to apply its own channel configuration directly through the Registry as Windows Update does not verify whether a device has been officially enrolled in the Insider Program or not. Previously the utility has had already supported the traditional Insider branches including Dev, Beta, and Release Preview. However following Microsoft’s recent restructuring of its preview channels, the script has now been updated. The latest OfflineInsiderEnroll version, 2.6.6, adds support for the newly introduced Insider channel lineup. As such, users can now choose from several Experimental channels in addition to Beta and Release Preview options. The update also retains tools for refreshing the Insider cache, resetting Insider settings, and completely stopping Insider enrollment when needed. Keep in mind though that will need elevated privileges when running the script (run as Admin). You can get the latest version of OfflineInsiderEnroll from this page on its official GitHub repo.
    • Browser vendors pen open letter to Microsoft saying "enough is enough"

      By +InsaneNutter · Posted

      The "Classic" Outlook has done that for a few years as well. The option to even change that is really hidden away too... It really shouldn't be hard to respect user defaults. Sadly we are the product now, not Outlook. To change in the Classic Outlook: File > Options > Advanced > change "Open hyperlinks from Outlook in"
    • Politically funny images of the World

      By PsYcHoKiLLa · Posted

      Get yo ass to space
    • Vivaldi 8.0.4033.44

      By Copernic · Posted

      Vivaldi 8.0.4033.44 is out.
    • Apple MacBook Neo is a blessing for Windows users, here's why

      By binaryzero · Posted

      For the purpose that it was built for, it’s a great machine. It’s okay to own multiple machines, it’s okay for machines to be different. If every computer was the same, they’d be boring af.

  • Recent Achievements

    • Week One Done
      Dr Jared Dental Studio earned a badge
      Week One Done
    • Week One Done
      RG INVESTMENT GROUP earned a badge
      Week One Done
    • Very Popular
      The Norwegian Drone Pilot earned a badge
      Very Popular
    • Very Popular
      s0nic69 earned a badge
      Very Popular
    • Collaborator
      Asgardi earned a badge
      Collaborator

  • Popular Contributors

    1. 1
      +primortal
      474
    2. 2
      PsYcHoKiLLa
      249
    3. 3
      Skyfrog
      79
    4. 4
      FloatingFatMan
      67
    5. 5
      Michael Scrip
      60
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!