Google offers $20,000 to hack Chrome

Nicole Kobie February 3, 2011

Google is offering a $20,000 prize to anyone who can hack its Chrome browser.

Normally, the cash prize in the Pwn2Own hacking contest, part of CanSecWest in Vancouver in March, comes from sponsor Tipping Point.

However, reports say Google was going to be excluded from the contest because it uses WebKit, which is also the engine at the core of Apple’s Safari.

To get in, Google offered to pay up $20,000 and a CR-48 laptop running Chrome OS to anyone able to crack open the browser in the 30 minute time limit.

“Kudos to the Google security team for taking the initiative to approach us on this; we’re always in favor of rewarding security researchers for the work they too-often do for free,” Aaron Portnoy, manager of security research at Tipping Point, said in a blog post.

Contestants must escape the browser’s sandbox, but can only make use of holes in Google’s own code. If no-one manages that on the first day, attackers will be able to make use of flaws in non-Google code, but not third-party plugins.

Chrome is yet to be successfully hacked at the annual competition.

Aside from Chrome, contestents will also target the latest release candidate of Microsoft’s Internet Explorer, Mozilla’s Firefox and Apple’s Safari. It’s noteworthy that contest sponsor Tipping Point stresses it’s the latest release candidate, as both IE and Firefox are expected to ship the RC of the next full versions before the end of the month – just in time for Pwn2Own.

Cracking one of those three browsers will earn the victor $15,000, and a host of other prizes. Winners take home the laptop they cracked the browser on, but despite the CR-48 being used as a prize, it won’t be entered in the competition, leaving security researchers to take on the Chrome browser via Windows or Mac OS.

Smartphones will also be up for hacking. Contestants will take on the Dell Venue Pro running Windows Phone 7, the iPhone 4, Blackberry Torch 9800 and the Google Nexus S.