Google offers patches to fix Chrome, $20K to crack it

Pwn2Own hacking contest bigger, richer than ever this year

Sober, serious security conferences are so much more fun when there's a giant publicity stunt and a big chunk of money at stake.

Google – a week after beefing up security and patching holes in its Chrome web browser – offered $20,000 to anyone who could hack it during the annual Pwn2Own hacking contest at the CanSecWest security conference in Vancouver, British Columbia.

The $20K comes on top of $14,000 Google paid in bounties to nine researchers who found the bulk of the 19 security flaws Google patched in Chrome Monday – a week before the hacking contest.

The worst of flaws were two that could allow malware to escape Chrome's sandbox, which keeps code within Chrome rather than allowing it to run loose throughout the rest of a user's system.

The money Google is offering is $5,000 more than the $15,000 available to the first hackers to crack Internet Explorer, Firefox and Safari.

The rules are a little different for Chrome, though, because of the sandbox. Hacks have to escape the sandbox and use a Chrome flaw to attack the system.

Half the money is coming from Google; the rest is from HP's TippingPoint, which sponsors the competition.

Google patched Chrome just before last year's Pwn2Own as well, but didn't offer a bounty to those who cracked it.

Kevin Fogarty writes about enterprise IT for ITworld. Follow him on Twitter @KevinFogarty.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon