In a move that I thought was brave, and pretty damn cool, Google invited hackers to try to hack Chrome. Great idea. Now that it’s a challenge, you’ll have some of the brightest minds helping you to expose holes in your browser. Well, a winner was announced last week, and it’s a great start for Google’s Chrome browser, which looks to overtake Internet Explorer as the top browser choice worldwide.
Sundar Pichai writes on Google+,
“Congrats to long-time Chromium contributor Sergey Glazunov who just submitted our first Pwnium entry. Looks like it qualifies as a “Full Chrome” exploit, qualifying for a $60k reward. We’re working fast on a fix that we’ll push via auto-update. This is exciting; we launched Pwnium this year to encourage the security community to submit exploits for us to help make the web safer. We look forward to any additional submissions to make Chrome even stronger for our users.”
In an article from CNET,
“In an interview published by CNET sister site ZDNet, Justin Schuh of the Chrome security team said that Glazunov was able to execute “code with full permission of the logged-on user.” Schuh called the feat “impressive,” and said that it deserved the $60,000 bounty.
Glazunov is the first person to win cash from Google’s Pwnium competition. The company launched the contest in late February with promises of awarding up to $1 million to those who can find security holes in Chrome. The highest $60,000 prize is given only to those who can obtain “Chrome/Windows 7 local OS user account persistence using only bugs in Chrome itself.” A $40,000 prize will be awarded to individuals who can target Chrome with one of its own bugs, plus others found in the operating system. Google’s $20,000 award is given to those who can find issues without using bugs in Chrome.
“We require each set of exploit bugs to be reliable, fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely ’0-day,’ i.e. not known to us or previously shared with third parties,” Google wrote in its blog announcing the contest. “Contestant’s exploits must be submitted to and judged by Google before being submitted anywhere else.”
That’s pretty damn cool because if you look at it from the outside, the hackers are coming from a place of “let me try to get in.” The security team is trying to keep people out. What’s really cool is that you’re getting great minds that are thinking on different playing fields working towards a common goal. Plus, it gets the community involved. Google has always been about “being nice”, so this is a way to be nice and let everyone in on some fun. Security is going to be huge moving forward; especially with e-commerce booming, hackers are more determined than ever to steal cards and hack accounts. Thank goodness that Google has the stones to say, “Ok, we built it, now come and try to get in. In fact, we’ll pay you if you can.” Google, I tip my hat to thee.