Any hackers who think they know a thing or two about Chrome should strongly consider booking a flight to Vancouver, British Columbia. At the Pwn2Own competition in early March, the first person who can exploit the browser will get $20,000 (and a Cr-48 notebook, if it matters) from Google itself.
Aaron Portnoy, Manager of the Security Research Team at TippingPoint Technologies (which is behind the event), explained in an official blog post, "[W]e’ve partnered with Google who has generously offered up $20,000 to the researcher who can best their Chrome browser."
Then, in terms of Chrome-related specifics, Portnoy later continued, "[T]he contest will be a two-part one. On day 1, Google will offer $20,000 USD and the CR-48 if a contestant can pop the browser and escape the sandbox using vulnerabilities purely present in Google-written code. If competitors are unsuccessful, on day 2 and 3 the ZDI will offer $10,000 USD for a sandbox escape in non-Google code and Google will offer $10,000 USD for the Chrome bug. Either way, plugins other than the built-in PDF support are out of scope."
This development may not come as too much of a surprise; Google created a vulnerability reward program quite some time ago, and has been known to give out sums of up to $3,133.70.
Obviously, though, $20,000 is a lot more than that (about 6.38 times more, in fact), and the publicity surrounding the competition could draw more hackers. So it looks like Google’s getting rather confident about Chrome’s security.
Hackers shouldn’t give up hope, though. Since Google’s market cap is $194 billion, the search giant hasn’t really made that huge a wager here.