Google is again offering cash prizes for hackers who can find security holes in its Chrome web browser during an annual conference in Vancouver this March.
This year, hackers at the CanSecWest security conference can earn up to $60,000 for each “full Chrome exploit” related to a bug in the browser and $40,000 for each “partial Chrome exploit,” Google said on its Chromium Blog this week, ahead of the March 7-9 conference.
It is also offering $20,000 “consolation” prizes for those who find security holes unrelated to a bug in Chrome itself, but related to Flash, Windows or other drivers and therefore able to affect multiple browsers.
Google already offers prizes for hackers who find security bugs in Chrome anytime through its Chromium Security Rewards program. In two years, the program has paid out $300,000. (Marcio Jose Sanchez/Associated Press)Winners will also receive a Chromebook, a notebook built on the Google Chrome operating system derived from the browser.
In total, Google said it could pay out up to $1 million in prizes, a figure significantly higher than the $20,000 it offered on the first day of the conference last year and the $10,000 it was offering in addition to $10,000 from its co-sponsor, the Zero Day Initiative.
Google calls the contest “a big learning opportunity” that helps it improve its own testing and security procedures.
CBC business commentator Kevin O’Leary said he thinks the contest is a “fantastic idea” because of all the free promotion Google is getting for running the contest in the first place.
Google already offers prizes for hackers who find security bugs in Chrome anytime through its Chromium Security Rewards program. In two years, the program has paid out $300,000, including base rewards ranging from $500 to $3,133.70 for finding bugs and bonuses of $500 to $1,000 for fixing a newly discovered bug.
A number of other companies and groups have similar programs, including Facebook, which began offering at least $500 per bug last July and paid out $40,000 in the first month of its “bug bounty” program.