Google is putting its money where its Chrome Web browser is. In a Chromium blog posting Chris Evans and Justin Schuh, two members of the Chrome security team, announced that Google will be offering ‘multiple rewards per category, up to the $1 million limit, on a first-come-first served basis’ for demonstrated security breaches of Chrome on Windows 7 .
That may be the safer bet than it sounds. Chrome, while not bullet-proof, is widely regarded as the more secure of the Web browsers. In CanSecWest Pwn2Own hacker contests, Chrome has never been broken.
In Google’s security challenge, which is not connected with 2012’s Pwn2Own competition, Google is looking for “full end-to-end exploits.” That way, “not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users.”
So, “To maximize our chances of receiving exploits this year, we’ve upped the ante. We will directly sponsor up to $1 million worth of rewards.” Here are the rule for the Chrome exploit competition: