."Google is looking to reward those who can find a vulnerability in its Chrome browser.
Software companies tend to dissuade users from finding and broadcasting exploits, but Google will pay $20,000 for a skilled hack at the Pwn2Own 2011 event, being held March 9-11. Organized by security software company TippingPoint, Pwn2Own is an annual computer hacking contest held during the CanSecWest security conference in Vancouver, BC.
Cash prizes for hacks have been offered in the past by TippingPoint, but this year marks a first for third-party sponsorship -- namely by Google.
"Kudos to the Google security team for taking the initiative to approach us on this; we're always in favor of rewarding security researchers for the work they too-often do for free," wrote Aaron Portnoy, manager of the security research team at TippingPoint, in a released statement.
Google may be feeling somewhat confident in putting up the money. Last year, its Chrome browser was the only browser to withstand hackers' attempts to find vulnerabilities. Internet Explorer, Firefox and Safari were not so lucky.
To be considered a successful vulnerability discovery, hackers must compromise the browser using a sandbox escape (only exploiting Google-generated code in its browser) on a Windows 7 machine. Along with the $20,000 prize, the company will also award the winner its first version of the Google Chrome OS laptop, the CR-48.
All told, including Google's prize money, Pwn2Own organizers will be offering a total of $125,000 in prize money to those who can find flaws in the aforementioned Web browsers, as well as holes in the following mobile phone OSes: Windows Phone 7, Apple iOS, BlackBerry 6 OS and Google Android OS.
Hackers will have strict requirements in discovering a vulnerability in the mobile phone OSes.
"A successful attack against these devices must require little to no user interaction and must compromise useful data from the phone," Portnoy wrote. "Any attack that can incur cost upon the owner of the device (such as silently calling long-distance numbers, eavesdropping on conversations, and so forth) is within scope