Google wants to give you $100,000, and all you have to do is show how insecure its Chromebook is. The company has doubled its top bounty for Chrome OS exploits, having seen no security researchers or experts step forward over the past year to collect the previous prize with a working hack.
The challenge is, on paper, fairly straightforward. To walk away with the cash, Google says you must show how to compromise a Chromebook or Chromebox, with device persistence, in guest mode.
That means a webpage-based exploit that remains effective even if Chrome OS is rebooted.
Google has a bottomless purse for such a hack, according to Nathan Parker, Chrome Defender, and Tim Willis, Hacker Philanthropist, at the company.
Meanwhile, other reward-worthy exploits are being added to the list this week, too. Most notable is a bounty for any method to bypass the Safe Browsing feature in Chrome – whether on a Chromebook running Chrome OS, or in the Chrome browser, which is available for a variety of platforms – and install something malicious onto a user’s machine as a result.
In order to qualify, the exploit needs to be able to get a blacklisted installer past Safe Browsing, and then lead to “non-sandboxed code execution after minimal user interaction with the file,” Google says.
Demonstrating such an exploit could be worth up to $1,000, the search giant says. Other bounties range up to $15,000, with Google throwing in extra if a well-written patch is included.
Since not everybody hacks for the cash, there’s also the option to elect a charity to get the money instead. In such a case, Google will double the donation. Conversely, if you spill the beans on a security loophole publicly, without giving Google due warning first, you can get nothing.
Platform security is a persistent topic of interest to software developers, and offering developers a financial reward to identify possible issues missed by the internal team is common across OS makers.
Chrome OS’ dependence on web-based applications has given it an edge over platforms like Windows, where local software is commonplace, though, as recent malware for Apple’s OS X has demonstrated, hackers aren’t snoozing on ways to break through security and get access to consumers’ data or even hold their files to ransom.