Chrome is now hackable. For a long time, the web browser developed by Internet search and advertising giant held the distinction of being unhackable because it was, well, unhackable.
This means that there was nary a full Chrome exploit that was reported for Chrome, full exploit being a way to control a Windows-based system by taking advantage of bugs found only in Chrome.
The announcement came from Sundar Pichai, the Google SVP who heads the Chrome and Gogle Apps efforts. He wrote:
“Congrats to long-time Chromium contributor Sergey Glazunov who just submitted our first Pwnium entry. Looks like it qualifies as a ‘Full Chrome’ exploit, qualifying for a $60k reward. We’re working fast on a fix that we’ll push via auto-update. This is exciting; we launched Pwnium this year to encourage the security community to submit exploits for us to help make the web safer. We look forward to any additional submissions to make Chrome even stronger for our users.”
Glazunov, who’s a Russian university student, will also receive a Chromebook.
The award is part of the Pwnium program of Google which runs alongside the Pwn2Own contest hosted by Zero Day Initiative. Pwn being the tech speak for “own” or dominate. Google says that it originally planned to be a sponsor of the Pwn2Own contest. However, they withdrew because it has been revealed explicitly that full exploits are not required to be revealed by entrants to the contest.
So Google decided to run Pwnium offering $1 million in bounty money to hackers who crack their browser.
There are three categories for prices. The first one is the “Full Chrome Exploit” category which comes with the $60,000 price. It requires that the exploit use only bugs within Chrome. The second one is the “Partial Chrome Exploit” with a reward money of $40,000 which relies on Chrome bug/s and other bugs. Google also decided to offer $20,000 to bugs discovered in Flash, Windows and “others” because they say that these exploits, “Although not specifically Chrome’s issue, we’ve decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer.”
Google seems genuinely happy to discover bugs in Chrome. We understand this too because their goal is to have the best browser out there. It’s better to have reported exploits and lose the “unhackable” distinction than have unreported exploits only to come bite them on the behind later on.
With billions in the bank, we think this million dollars being given away by Google to help better their products is money very well spent. What do you think? Tell us via the comments below.
Images 1 & 2 from isriya on Flickr