Google Offers $100000 Bounty To Hack A Chromebook

If as a child you told your parents you wanted to be a bug hunter when you grow up, they'd probably dismiss the notion before telling you to go wash your hands before supper. But had you stuck with it, you could now show your parents just how lucrative it is to hunt bugs—programming bugs, that is. In fact, you can collect a cool $100,00 for rooting out a specific type of bug in Chromebooks.

That's the new top reward for discovering a persistent compromise of a Chromebook in guest mode (i.e. guest to guest persistence with interim reboot, delivered via a web page). Google previously tried to tempt security researchers with a $50,000 top prize, but since introducing the reward, it hasn't a received a single successful submission. The Mountain View firm hopes that by doubling the reward to six figures, it will entice security researchers to devote more time to rooting out Chromebook vulnerabilities.


"Great research deserves great awards, so we're putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool," Google stated in a blog post.

In other words, it doesn't matter how many qualifying bugs you find, Google will pay $100,000 for each and every one of them. If you find two qualifying vulnerabilities, that's $200,000, and if you find 10 qualifying bugs, that's a million bucks!

Google also said it's extending the scope of its bug bounty program to include rewards for methods that bypass Chrome's Safe Browsing download protection features. The rules are as follows:
  • Safe Browsing must be enabled on Chrome and have an up-to-date database (this may take up to a few hours after a new Chrome install).
  • Safe Browsing servers must be reachable on the network.
  • Binary must land in a location a user is likely to execute it (e.g. Downloads folder).
  • The user can’t be asked to change the file extension or recover it from the blocked download list.
  • Any gestures required must be likely and reasonable for most users. As a guide, execution with more than three reasonable user gestures (eg: click to download, open .zip, launch .exe) is unlikely to qualify, but it’ll be judged on a case-by-case basis. The user can’t be expected to bypass warnings.
  • The download should not send a Download Protection Ping back to Safe Browsing. Download Protection Pings can be measured by checking increments to counters at chrome://histograms/SBClientDownload.CheckDownloadStats. If a counter increments, a check was successfully sent (with excpetion to counter #7, which counts checks that were not sent).
  • The binary’s hosting domain and any signature can not be on a whitelist. You can measure this by checking chrome://histograms/SBClientDownload.SignedOrWhitelistedDownload does not increment.
Bug bounties are popular and effective ways for major tech companies with deep pockets to beef up the security of its products. Last year alone, Google paid out over $2 million to security researchers for discovering qualifying vulnerabilities.