Google doubles reward for security bug hunters

By on
Google doubles reward for security bug hunters

Challenges researchers to compromise Chromebooks.

Google is upping the ante with its Chrome reward program, promising to pay US$100,000 (A$133,400) to anyone who finds a weakness in its Chromebooks and Chrome boxes in guest mode.

The compromise must be delivered via a web page and persist over a reboot.

So far, Google hasn't had a successful submission for the vulnerability, but the company's security engineers Nathan Parker and Tim Willis said "great research deserves great awards" and therefore, bounty has now doubled from an original US$50,000.

Google will also pay up to US$15,000 for high-quality reports about vulnerabilities with reliable exploits that escape the Chrome browser's application isolation or sandbox feature.

In specific cases however, Google will up the bug bounty substantially if the vulnerability is severe, and will top up the reward by US$500 or US$1337 if a patch is supplied with the report.

There is also a reward for finding a way to bypass the Chrome web browser's safe browsing download proection features.

This pays US$500 to US$1000 per vulnerability, depending on report quality. Researchers must find a way to land a binary on a user's computer, where it can be executed with minimal interaction.

Bug bounty programs have become commonplace amongst online companies over the past years, in order to encourage community input into security improvements.

Facebook said it has paid out US$4.3 million (A$5.75 million) in bug bounties since 2011. Last year, the social network handed US$936,000 (A$1.25 million) to 210 researchers around the world.

In February this year, Indian developer Anand Prakash earnt US$15,000 after finding a simple vulnerability that could have been used to reset all Facebook user passwords and gain access to the accounts they protect.

 

Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?