Google is offering hackers $1 million
in prize money to find and exploit new security flaws in its Chrome
Web browser, the company said Tuesday.
Under the terms of the offer, the Web software giant will pay
$60,000 for any "full Chrome exploit" that allows malicious
hackers to take over a users' computer via a bug solely in the
company's Web browser. The hackers must make available the full
details of the exploit to Google in order to qualify for the prize,
and must not have released details of the exploit to anyone else, the
Google Chrome security team announced in a late Monday blog posting.
In addition, Google will pay $40,000 to anyone whose new
exploit relies on a bug in Chrome in conjunction with a flaw in
Windows 7, and will offer $20,000 to those who uncover a previously
unknown bug in Windows 7. It will pay these sums for every new
exploit it receives until the $1 million limit is reached.
"The aim of our sponsorship is simple: we have a big learning
opportunity when we receive full end-to-end exploits," said Google's
Chrome security. "Not only can we fix the bugs, but by studying the
vulnerability and exploit techniques we can enhance our mitigations,
automated testing, and sandboxing. This enables us to better protect
our users."
