Google bets $20K that Chrome can't be hacked

Adds prize money to this year's Pwn2Own browser hacking contest

By , Computerworld |  Security, browser, browser security

Google will pay $20,000 to the first researcher who successfully exploits its Chrome browser at this year's Pwn2Own hacking contest.

The award is the largest ever for the annual challenge, which will kick off for the fifth time at the CanSecWest security conference in Vancouver, British Columbia, on March 9.

At this year's Pwn2Own, researchers will pit exploits against machines running Windows 7 or Mac OS X as they try to bring down Microsoft's Internet Explorer, Mozilla's Firefox, Apple's Safari and Chrome.

The first researchers to hack IE, Firefox and Safari will receive $15,000 and the machine running the browser. The prizes are $5,000 more than those given for exploiting browsers at the last Pwn2Own contest, and three times more than the 2009 awards.

"We've upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000," said Aaron Portnoy, the manager of HP TippingPoint's security research team.

TippingPoint, which is again sponsoring Pwn2Own, set the contest's rules Wednesday in a blog post written by Portnoy .

New this year is Google 's participation. The company is the first browser vendor to put money into the prize kitty. "Kudos to the Google security team for taking the initiative to approach us on this," Portnoy said.

The rules for Chrome are slightly different than for the other browsers because it's the only one of the four that uses a "sandbox," an anti-exploit defense. A sandbox isolates system processes, preventing or at least seriously hindering malware from escaping an application -- in this case Chrome -- to wreak havoc on the computer.

To exploit a sandboxed program like Chrome, researchers require not one but two vulnerabilities: The first to allow their attack code to escape the sandbox, and a second to exploit a Chrome bug.

Other software developers have followed in Chrome's footsteps to try to make their applications more secure. Last year, for example, Adobe added a sandbox -- derived in part from Google's work -- to its popular Reader program.


Originally published on Computerworld |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question