Google announced that it will be sponsoring rewards for those who find Chrome exploits. This will be part of the CanSecWest security conference taking place March 7-9.
Earlier this month, Google announced the expansion of the Chromium Security Rewards program, first announced two years ago. The company, at the time, said it had already issued over $300,000 of rewards across “hundreds of qualifying bugs”.
If you think you can find more, you might want to take Google up on its offer.
Here are the rewards:
$60,000 – “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.
$40,000 – “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.
$20,000 – “Consolation reward, Flash / Windows / other”: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. Although not specifically Chrome’s issue, we’ve decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer.
Winners also gets Chromebooks.
Google says it will issue multiple rewards per category, up to the $1 million limit (first come first serve).