Skip to main content

Google offering up to $1 million if someone finds a bug on its Chrome

Google has put up a challenge to all hackers - up to $1 million rewards and one free Chromebook if someone finds a bug on its Chrome.

The aim of our sponsorship is simple: we have a big learning opportunity when we receive full end-to-end exploits. Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users.

While we’re proud of Chrome’s leading track record in past competitions, the fact is that not receiving exploits means that it’s harder to learn and improve. To maximize our chances of receiving exploits this year, we’ve upped the ante. We will directly sponsor up to $1 million worth of rewards in the following categories:

$60,000 - “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.

$40,000 - “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.

$20,000 - “Consolation reward, Flash / Windows / other”: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. Although not specifically Chrome’s issue, we’ve decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer.

All winners will also receive a Chromebook.

» Pwnium: rewards for exploits | The Chromium Blog

Popular Posts

Ho Ching named 5th most powerful and is mistaken as first lady by Forbes

Forbes named Singapore Prime Minister wife and CEO of Temasek Holdings, Ho Ching, as the 5th most powerful woman in the world. Ho Ching is mistaken as Singapore's first lady! OMG!

I wonder how can Forbes makes such a blunder. For a complete list, refer to here.

My opinion on PRUinvestor guaranteed plus product

I got to know of Prudential's new product PRUinvestor guaranteed plus only recently.

From agents, it is said to be 1) 100% Capital Guaranteed at maturity, 2) 2.5% p.a. interest guaranteed (Total 13.14%), 3) able to accept both cash and SRS, 4) and telling people application date for such "cool" product is ending soon but that's not really the case. I do not like the way products are marketed by agents.

1. 100% Capital Guaranteed at maturity

It is not really 100% guaranteed if it is guaranteed upon 36 months.

2. Sometimes marketed as 13.14%

This is a common tactic to "fool" aunties and uncles who are unaware of the compounding effect.

3. Able to accept SRS

At the rate of 2.5% p.a., I would say investing SRS monies in such product does not make sense to me since the new CPF interest rate structure is close to 2.5% p.a. too. At least CPF is truly 100% capital guaranteed.

4. Publish application date to be earlier than actual

This tactic attempts to make consumers make r…

How to stop FortiClient from starting automatically?

Installed FortiClient recently but the challenge in disabling the application/service from running automatically on every start-up annoyed me. Attempt to stop 'FortiClient Service Scheduler' only return 'Parameter is incorrect' error message.

An article on Technet help solve my trouble. To stop FortiClient from starting automatically, try the following:
Shut down FortiClient from the system tray.
Run net stop fortishield on command prompt.
Run msconfig.
On msconfig, switch to the Services tab. Clear the FortiClient Service Scheduler check box and click Apply.Run services.msc on command prompt to open up show all available services.Look for FortiClient Service Scheduler. Switch Startup type to Manual.Restart your computer. FortiClient should not be running automatically the next time round. Hope it helps.