Friday, February 4, 2011

Google To Pay $20,000 For Chrome Browser Hack


Advertising or marketing agencies with tech-savvy developers might want to take Google up on an interesting challenge -- not only to gain a little notoriety as having the skills to support online campaigns, but to pick up a big bundle of cash. At this year's Pwn2Own hacking contest, Google will pay $20,000 and a Chrome CR-48 notebook to the first "researcher" who can successfully exploit its Chrome browser, which supports HTML5.
Brands like Marvel Comics have begun launching products on Chrome. The company released the free Marvel Comics on Chrome app for the Google Chrome Web browser, delivering more than 1,600 comics available through the application, which uses HTML5.
Campaign designers looking to create ads and products running in the browser might want to pay attention to any potential vulnerability that may relate to malware and other viruses. Google's bounty is the largest amount ever offered. The contest takes place in March at the CanSecWest conference in Vancouver, BC.
The Chrome browser is the only participating browser built with sandbox, a program used by Chrome designers to segment potentially malicious scripts that keep them from entering the core browser code. Exploiting Chrome means that researchers will need to find two vulnerabilities rather than one. The first allows the attack code to escape the sandbox program and the second to exploit Chrome with a bug.

TippingPoint, which provides the rules, lists the details of the content. The Chrome contest will run in two parts. On day 1, Google will offer $20,000 and the CR-48 if a contestant can pop the browser and escape the sandbox using vulnerabilities purely present in Google-written code. If competitors are unsuccessful, on day 2 and 3 the ZDI will offer $10,000 for a sandbox escape in non-Google code, while Google will offer $10,000 for the Chrome bug.
Other Web browsers participating in the contest include the latest versions of Microsoft Internet Explorer, Apple Safari, and Mozilla Firefox. Contest rules detail that each browser will be installed on a 64-bit system running the latest version of either OS X or Windows 7. A successful hack of IE, Safari, or Firefox will net the competitor a $15,000 cash prize, the laptop, and 20,000 ZDI reward points that qualifies the person for Silver standing. 

No comments:

Post a Comment