Google will pay $100,000 if you can hack a Chromebook


Google announced that they will double its bounty for their Chrome Reward Program from $50,000 to $100,000. Since 2010, they have been paying money to anyone who have discovered vulnerabilities in both of their equipment and programs. In fact, Google has paid over $6 million to security researchers just last year but despite all of that, still, no one has successfully crack their Chromebook security.

Since we introduced the $50,000 reward, we haven’t had a successful submission... That said, great research deserves great awards, so we’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool. 

The company has also added a wide range of rewards for smaller bugs. If you found a bug with a complete solution to fix it, then you will be payed $1,337. They've also included a Download Protection Bypass bounty in which you will get paid if you bypass Chrome's Safe Browsing download protection features. Here are all of the qualifying rules you need to consider:
  • Safe Browsing must be enabled on Chrome and have an up-to-date database (this may take up to a few hours after a new Chrome install).
  • Safe Browsing servers must be reachable on the network.
  • Binary must land in a location a user is likely to execute it (e.g. Downloads folder).
  • The user can’t be asked to change the file extension or recover it from the blocked download list.
  • Any gestures required must be likely and reasonable for most users. As a guide, execution with more than three reasonable user gestures (eg: click to download, open .zip, launch .exe) is unlikely to qualify, but it’ll be judged on a case-by-case basis. The user can’t be expected to bypass warnings.
  • The download should not send a Download Protection Ping back to Safe Browsing. Download Protection Pings can be measured by checking increments to counters at chrome://histograms/SBClientDownload.CheckDownloadStats. If a counter increments, a check was successfully sent (with exception to counter #7, which counts checks that were not sent).
  • The binary’s hosting domain and any signature can not be on a whitelist. You can measure this by checking chrome://histograms/SBClientDownload.SignedOrWhitelistedDownload does not increment.

Google also says that they're interested in rewarding any information that enables them to better protect their users even for discovered bugs that are not specifically included on their list.
Google will pay $100,000 if you can hack a Chromebook Google will pay $100,000 if you can hack a Chromebook Reviewed by Unknown on 1:13 PM Rating: 5

No comments:

Lazada Philippines
Powered by Blogger.