Home Google Offering $1 Million Bounty for Chrome Exploits

Google Offering $1 Million Bounty for Chrome Exploits

Google is offering up to $1 million in total bounties for hackers who can find security exploits in its Chrome browser. There’s no better way for the Chrome team to shore up security problems than by inviting people to point them out. The contest will convene at Chrome’s table at the CanSecWest security conference from March 7-9.

There are three tiers of rewards, all for bugs in the Windows environment. A full exploit of bugs in Chrome itself will net you $60,000, a partial exploit that combines a Chrome bug with other bugs gets $40,000, and the consolation prize is $20,000 an exploit of Chrome using bugs in Flash, Windows or something else. All winners also get a Chromebook.

From the Chromium blog:

$60,000 – “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.

$40,000 – “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.

$20,000 – “Consolation reward, Flash / Windows / other”: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. Although not specifically Chrome’s issue, we’ve decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer.

The budget for winners is $1 million, and Google will pay out as many rewards as it can on a first-come-first-served basis until the money expires. All submissions must be judged by Google before they’re submitted anywhere else.

Google planned to offer Chrome as one of the target browsers in the conference’s Pwn2Own contest, as it did last year. It withdrew that sponsorship after learning that contestants didn’t have to reveal their exploits or bugs to vendors in order to enter. So this year, Chrome offers its own contest, and it promises to send bugs found in software other than Chrome to the vendor immediately.

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.