Naked Security Naked Security

Google says hack Chromebook, get $100K richer

Google had 0 successful submissions, so it doubled the bounty. "Get rich or hack trying," Google says, your fingers still twitching away.
Written by
March 16, 2016
Naked Security bug bounty ChromeBook Download Protection Bypass Google Safe Browsing

Last year, Google got zero, zip, zilch successful submissions for hacking Chromebook.

So this year, it’s getting more serious still about rooting out security failure: it’s doubling the already healthy $50,000 bounty to six decimal dollar digits: $100,000.

Google, which has paid out more than $6 million in bug bounties since it started the program in 2010, announced the beefed-up reward on its Security Blog on Monday.

Nathan Parker, “Chrome Defender,” and Tim Willis, “Hacker Philanthropist,” said that since Google introduced a $50,000 reward for the persistent compromise of a Chromebook in guest mode last year, it’s had no successful submission.

A persistent compromise on a Chromebook in guest mode would be one in which an attacker’s code sticks around on the device even after it’s rebooted. Such an attack would rear its head again in subsequent guest-mode sessions.

Since “great research deserves great awards,” Google says it’s putting up a standing six-figure sum, available all year round: no quotas, no maximum reward pool.

Separately, it’s also extending its reward program to cover methods that bypass Chrome’s Safe Browsing download protection features.

In December, Google said that its Safe Browsing service was already protecting about 1 billion desktop users from all sorts of online nastiness, be it malware, unsavory software, or social engineering (particularly phishing) sites.

Then, it put Android users under the Safe Browsing umbrella, extending Safe Browsing inoculation to Chrome users on Android.

Google added unwanted software download warnings to its Safe Browsing service in August 2014 to give users a heads-up when software was doing something sneaky – like switching your homepage or other browser settings to ones you don’t want, piggybacking on another app’s installation, or collecting or transmitting private information without letting a user know, among other things.

Now, it wants to reward those who find a way to get nastyware past Safe Browsing.

It’s got details on its reward program page, including that it will shell out $1,000 for a high-quality report of a Download Protection Bypass.

Image of Hacker courtesy of Shutterstock.com

About the Author

Read Similar Articles