Google patches Chrome in advance of hacker challenge
Pays researchers to find 19 flaws on eve of Pwn2Own
- By Kevin McCaney
- Mar 01, 2011
Having offered a $20,000 prize to anyone who could hack its Chrome browser at next week’s Pwn2Own contest, Google has paid almost as much to nine bug researchers to find flaws in Chrome.
Gregg Keizer writes in NetworkWorld that Google on Monday patched 19 vulnerabilities, after paying the researchers $14,000 to find them.
Google did the same thing last year before the Pwn2Own contest, hosted annually at the CanSecWest security conference in Vancouver, B.C. It was the only browser not successfully hacked at the 2010 conference.
The contest is organized by security software company TippingPoint, which was not going to invite Chrome this year after it was not hacked in 2010, TechCrunch reported. So Google put up $20,000 for anyone who can perform a sophisticated hack on Chrome.
In the contest, a successful attack must compromise the browser using a sandbox escape, exploiting Google code on a Windows 7 machine.
With the prize money offered by TippingPoint and Google, hackers stand to win a total of $125,000 for exploiting the Chrome, Internet Explorer, Firefox and Safari browsers, and the Windows Phone 7, Apple iOS, BlackBerry 6 OS and Google Android OS mobile phone OSes.
The conference will be held March 9-11.
Kevin McCaney is a former editor of Defense Systems and GCN.