Google bets $20K that Chrome can't be hacked

By Nomad_
in Back Page News

 Share

Recommended Posts

Experienced

Nomad_

Posted
Posted

http://www.computerworld.com/s/article/9207939/Google_bets_20K_that_Chrome_can_t_be_hacked?taxonomyId=15

Google will pay $20,000 to the first researcher who successfully exploits its Chrome browser at this year's Pwn2Own hacking contest.

The award is the largest ever for the annual challenge, which will kick off for the fifth time at the CanSecWest security conference in Vancouver, British Columbia, on March 9.

At this year's Pwn2Own, researchers will pit exploits against machines running Windows 7 or Mac OS X as they try to bring down Microsoft's Internet Explorer, Mozilla's Firefox, Apple's Safari and Chrome.

The first researchers to hack IE, Firefox and Safari will receive $15,000 and the machine running the browser. The prizes are $5,000 more than those given for exploiting browsers at the last Pwn2Own contest, and three times more than the 2009 awards.

"We've upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000," said Aaron Portnoy, the manager of HP TippingPoint's security research team.

Grand Master

Nagisan

Posted
Posted

Someones feeling confident. But Google have worked there assess off on Chrome! We will see :D

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

Grand Master

Rudy

Posted
Posted

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

That's pretty much what I was going to post lol

Enthusiast

HeroDavies

Posted
Posted

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

Isn't that the point of the contest in the first place? Meaning Google wouldn't have to put any money down at all if they weren't feeling confident.

Grand Master

Nagisan

Posted
Posted

Isn't that the point of the contest in the first place? Meaning Google wouldn't have to put any money down at all if they weren't feeling confident.

$20k is relatively cheap for Google, they are most likely using it as enticement to any potential attempts. It's like putting money down on any contest, you can watch it without putting any down, but I doubt the contest participants will refuse any more money than they have already been told they are getting.

Google putting money down on the contest will mean more people will attempt to hack Chrome, which means more exploits will be found than if they had not put any money down.

Experienced

grik

Posted
Posted

Its a Win Win situation for Google.

I like this aproach rewarding testing efforts, its the way it should be. If they find a hack Chrome will be safer, if they dont find Chrome will be majorly adopted by the Geek?s and spreading the Word on the high skilled programers.

Im impressed google, good job.

Mentor

iuerg87yerg879e0rg9erugjer

Posted
Posted

so what do they have to hack in the browser to get the $20,000? because chrome is open source so hacking an open source program would make no sense for a competition though IE and firefox hacking comp sounds more like it...

Grand Master

still1

Posted
Posted

so what do they have to hack to get the $20,000? because chrome is open source...

Find a way to install virus or make it run remote code on the target PC.

You need to do this with the officially compiled chrome browser.

Edit: Say your edit Firefox is open source too.

Grand Master

+Xinok Subscriber²

Posted
  • Subscriber²
Posted

The most difficult part of exploiting Chrome is the sandbox. I remember one of the participants last year was able to find exploits in the browser, but was unable to bypass the sandbox.

Veteran

xXTOKERXx

Posted
Posted

Very interesting, but at what stage do they consider it hacked?

When you can capture details, when the browser is hijacked etc?

Also giving people time to start working their magic now ready for the "on the day" test?

Seems pretty interesting, wish I knew more about the components of browsers!

Grand Master

Malisk

Posted
Posted

Not surprised, given that it resides in a sandbox, even in Windows XP which doesn't support sandboxing natively.

That was the point when Google went "OK, so we'll make our own" unlike certain other companies. ;)

Grand Master

Alladaskill17

Posted
Posted

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

This.

Grand Master

MrA

Posted
Posted

I would actually say Google is willing to pay $20k to whoever can expose bugs in Chrome, I don't think they are confident that it can't be done, I think rather, they are willing to pay for someone to expose the bugs it does have that they haven't found.

There's a secondary benefit in that competitions like this bring out people that you might extend a job offer to. Google's hiring, and it's hard to find good people.

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.

  • Posts

    • AV2, successor to popular YouTube, Netflix, Amazon codec AV1, has a hard battle ahead

      By Nas · Posted

      Absolutely NOBODY has suggested such a conclusion. I am affirming the sober reality check that AV2's overall market adoption will take longer than AV1's adoption rate -- which, by the way, is the whole point of the article! While PCI-SIG is productive (on paper), other WGs have created all sorts of confusing progress plans that consumers have tuned-out of their improvements... HTML/W3C, USB, HDMI, BT, WIFI (ieee802.11) as a few other groups where spec naming conventions, split progress paths, overlapping ambitions... I'm not critiquing the AV specs group; I'm simply affirming that adoption for AV2 faces headwinds beyond the macroeconomics of it all.
    • Politically funny images of the World

      By +primortal · Posted

    • Segra 1.5.2

      By Copernic · Posted

      Segra 1.5.2 by Razvan Serea Segra is a free, open-source OBS-powered game recorder offering fast gameplay capture, instant clips, AI highlights, deep game integration, and seamless uploads—perfect for gamers, streamers, and content creators. Lightweight, fast, zero bloat. Segra key features: Automatic Game Recording: Begin capturing gameplay the moment your game launches, with zero manual setup. Instant Clipping: Save important moments instantly using a customizable hotkey—perfect for highlights, montages, or quick shares. Segra AI Highlights: Let Segra automatically detect kills, assists, deaths, and key events to generate polished highlight reels without manual editing. Gameplay Uploads: Upload recordings and clips directly to Segra.tv for fast sharing and cloud access. Deep Game Integration: Enjoy advanced game-data tracking across hundreds of supported titles, enabling smart highlight generation and stat-informed clipping. High-Performance Capture: Record up to 4K at 144 FPS using OBS-powered technology with minimal performance impact, supporting NVENC, AMD VCE, and custom quality controls. Segra Editor: Edit recordings easily with timeline controls, segment management, and event-based navigation to build the perfect clip. Customization Options: Adjust hotkeys, output formats, storage paths, codecs, capture quality, and performance settings for a tailored recording experience. Segra 1.5.2 changelog: Settings: Added an Airplane Mode that hides account, login, and upload features. Storage: Added a button to migrate videos into the recording path after changing it. Import: Added auto-scroll and a highlight pulse to videos right after importing. Recording: Added graceful handling of low disk space and output failures, finalizing files safely with clear errors. Recording: Added a guard blocking recording when any drive exceeds 99% full. OBS: Removed the download timeout to support users with slow internet. Clips: Fixed an error modal incorrectly appearing when clip creation was cancelled. Settings: Fixed the content folder path not refreshing in the UI after changes. Updates: Improved error handling for multiple simultaneous update checks. Stability: Fixed a WebSocket reconnect loop that ran while the window was backgrounded. Dependencies: Updated project dependencies. Maintenance: Removed dead code, reduced duplication, and fixed several latent bugs. Download: Segra 1.5.2 | 73.1 MB (Open Source) View: Segra Homepage | Github | Screenshot Get alerted to all of our Software updates on Twitter at @NeowinSoftware
    • Politically funny images of the World

      By +primortal · Posted

    • Still using Classic Outlook? Microsoft highlights 15 reasons to switch to New Outlook

      By wingliston · Posted

      No thanks! WebView trash is unacceptable. I only use software that's native.

  • Recent Achievements

    • Collaborator
      Asgardi earned a badge
      Collaborator
    • Conversation Starter
      mobandz earned a badge
      Conversation Starter
    • Apprentice
      fernan99 went up a rank
      Apprentice
    • One Month Later
      nothanks earned a badge
      One Month Later
    • One Month Later
      B2Proxy earned a badge
      One Month Later

  • Popular Contributors

    1. 1
      +primortal
      465
    2. 2
      PsYcHoKiLLa
      244
    3. 3
      Skyfrog
      79
    4. 4
      FloatingFatMan
      69
    5. 5
      Michael Scrip
      60
    Show More

  • Tell a friend

    Love Neowin? Tell a friend!