Google Giving Away A Million Dollars For Finding Chrome Exploits

    February 28, 2012
    Chris Crum

Google announced that it will be sponsoring rewards for those who find Chrome exploits. This will be part of the CanSecWest security conference taking place March 7-9.

Earlier this month, Google announced the expansion of the Chromium Security Rewards program, first announced two years ago. The company, at the time, said it had already issued over $300,000 of rewards across “hundreds of qualifying bugs”.

If you think you can find more, you might want to take Google up on its offer.

Here are the rewards:

$60,000 – “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.

$40,000 – “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.

$20,000 – “Consolation reward, Flash / Windows / other”: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. Although not specifically Chrome’s issue, we’ve decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer.

Winners also gets Chromebooks.

Google says it will issue multiple rewards per category, up to the $1 million limit (first come first serve).


Chris Crum
Chris Crum has been a part of the WebProNews team and the iEntry Network of B2B Publications since 2003. Follow Chris on Twitter, on StumbleUpon, on Pinterest and/or on Google: +Chris Crum.