Dev

Cash for Chrome exploits: Google offers $2M in prizes for best hacks

Chrome Aw Snap
Image Credit: screenshot
Gaming execs: Join 180 select leaders from King, Glu, Rovio, Unity, Facebook, and more to plan your path to global domination in 2015. GamesBeat Summit is invite-only -- apply here. Ticket prices increase on March 6!

Chrome browser problem page

As security takes the spotlight, hackers are often touted as being both smarter and faster than the average white hat. Google isn’t afraid to admit this and wants to pay up to $2 million in prizes for devastating exploits — no matter what hat you wear.

The company announced yesterday that it will award up to $2 million in prizes at the Hack in a Box conference in Kuala Lumpur to hackers who can deliver exploits and bugs associated with its Chrome Browser. The contest is called the Pwnium competition — a play on the words “pwn,” slang to take total control of something, and “Chromium,” a reference to the element Google’s Web browser is named after.

This is the second Pwnium competition Google has held. Last year, however, the company offered only $1 million in prizes.

Prizes are awarded in different levels. Those who find a “full Chrome exploit” get up to $60,000. A $50,000 prize is given to those who find a “partial exploit,” or have to use bugs in software Chrome may use but is not directly developed by the Chrome team.

A panel of judges will reward those who get part of the way but can’t make it to a full exploit. All exploits must be full documented, meaning you’ll need to record the steps you took to find the exploit. Google may also want you to demonstrate the way you found it as well.

The search giant recently changed its regular bug-reporting payment structure and is now offering $1,000 bonuses if an exploit or bug proves to be particularly valuable. That is, Google will shell out the extra cash after the fact if it turns out you poked a bigger hole than originally thought.

Forbes makes a good point in that, while Google and other companies such as social network Facebook offer cash incentives, there are much bigger entities with much deeper pockets. Governments and the police are willing to pay a lot more money for a bug that may be used to that entity’s benefit.


VentureBeat is studying social media marketing tools. Chime in, and we’ll share the data with you.