Published on February 28th, 2012 | by Paterson Prosper
Google offers $1 million reward to hackers who exploit Chrome
What Google is really looking for (or, from a different perspective, hoping doesn’t happen) is a hacker breaking the sandbox. Chrome runs code in what’s called a sandbox, meaning that its permissions are tightly controlled; it can’t do the things a program run directly by the user could. If you can somehow elevate your code’s permissions beyond what the sandbox is supposed to allow, you open the door to malicious behavior. What that behavior is depends largely on the hole you exploit.
Google will reward winning contestants with prizes of $60,000, $40,000, and $20,000 depending on the severity of the exploits they demonstrate on Windows 7 machines running the browser. Members of the company’s security team announced the Pwnium contest on their blog on Monday. There is no splitting of winnings, and prizes will be awarded on a first-come, first-served basis until the $1 million threshold is reached.
Now in its sixth year, the Pwn2Own contest at the same CanSecWest conference awards valuable prizes to those who remotely commandeer computers by exploiting vulnerabilities in fully patched browsers and other Internet software. At last year’s competition, Internet Explorer and Safari were both toppled, but no one even attempted an exploit against Chrome (despite Google offering an additional $20,000 beyond the $15,000 provided by contest organizer TippingPoint).
Chrome is currently the only browser eligible for Pwn2Own never to be brought down. One reason repeatedly cited by contestants for its lack of attention is the difficulty of bypassing Google’s security sandbox.