Google dangles the Chrome carrot

Do you think you can find a hole in the Google Chrome browser? Google's willing to pay you between $500 and $1337 (clever) for each and every one found. This challenge is Google's way of showing confidence in its browser while getting security experts to give the open source browser a once-over.

Any security-related bug classified as high or critical priority in the open source Chromium or Google Chrome branch (stable, beta and dev) qualifies for the prize.

That said, $500 - $1337 isn't a lot of money -- some zero-day exploits can be sold on the black market for hundreds of thousands of dollars. It will be interesting to see if security experts take the bait on this one.

Topics: Security, Browser, Google, Open Source

Talkback

46 comments
  • File this under "Stupid PR tricks"

    yawn.... been done before but never been of any value...
    Johnny Vegas
    • RE: Google dangles the Chrome carrot

      @Johnny Vegas love and thanks for sharing
      3shao
  • RE: Google dangles the Chrome carrot

    Google is trying to bribe people to fix the holes in their browser for them. Apparently Google's staff are that incompetent to do it themselves, but that is what you can expect from Google's employees who only want to sit around playing with office toys all day.
    Loverock Davidson
    • I found two!

      I've found two related "holes" in Chrome, where do I collect my money?

      I have discovered a hole in Chrome that allows installation of two similar
      pieces of malware, namely Flash and Silverlight.

      PS: I love you, Loverock. You're my favorite common tater.)
      Marcos El Malo
      • Flash and Silverlight are NOT malware... but if you're being sarcastic

        You got the nail hit right on the head. Chrome NEEDS something like NoScript, that allows you to block ALL scripts on certain websites.... that is how I avoid bad websites in Opera and Firefox with Noscript installed..... just put them on the 'blocklist' in Opera and in NoScript and DONE!
        Lerianis10
  • RE: Google dangles the Chrome carrot

    Actually Google is not bribing people to fix the holes, simply to see if they can find any.

    This type of idea is actually a responsible thing to do as it
    provides a healthy form of "peer review".

    Even the best of programmers can become code blind in the
    course of a project, so those many second pairs of eyes
    can spot not only obvious oversights, but probably more
    importantly unique methods of attack that might not occur
    to even the best of programmers.
    drclue
    • It is called paid beta testing

      The same thing as beta testing but you get token paid. If I were Google, I
      would have offered Chrome OS based netbook for each tip that these
      testers would give instead of $. For most of the engineers working in
      OSS stuff $ is not the criteria, it is ego satisfaction.
      --Ram--
      Ram U
    • Exactly, it is a "Peer Review", something...

      ...any programmer / developer / software
      engineer who's worked on a large scale project
      should be familiar with.

      It is not Google being lazy, it's part Google
      saying their browser is secure, and if not then
      we'll pay you to tell us so we can fix it.

      It makes good sense from a security &
      development stand point.
      DevJonny
  • Chrome is spyware. Don't use it!

    $oogle spies on you and sells it to spy agencies.
    sadly2010
    • MS is virusware

      Linux distro's are free and SECURE!
      Use_More_OIL_NOW
      • linux is sh*tware

        there's a reason it's free, it SUCKS!
        IAmLegion20ll
        • Wonderful

          What a delight to read such an even-handed, introspective, and well
          thought out analysis of the merits of Linux.

          It is always a pleasure to find such a gem instead of the usual mindless
          mud-slinging perpetrated by the MS bigots and shills.
          rahbm
          • They all report to security agencies

            It's their job, to keep us from danger. Now if you don't want to do so, you have the choice of Linux, where you can tweak the code at your heart's content.

            But for that you have to know c++ and gtk or some other library.

            Lol, your cellphone and car and cards tell spy agencies where you are and what you do and what you buy. So what's the problem with Chrome, it beats Firefox and works great, IE gives you viruses so, if you have nothing to be afraid of, why not use Chrome.

            On the other hand, if you do things that need to be kept under cover, use IE, you will still be reported and you will be less efficient at it.
            Uralbas
          • Even-handed, introspective, and well thought out

            Right, and the post he was responding to by Use_More_OIL_NOW was even-handed, introspective, and well thought out? Mindless mud-slinging isn't just perpetrated by the MS crowd. There's offenders in every OS camp.
            wcb42ad
          • Even-handed and introspective

            "Linux distro's are free and SECURE!"

            How is that mindless mudslinging? It is simply a statement of fact.
            Windows could be the best OS ever, and 100% impenetrable, and it would
            not change the fact that Linux is free and secure.
            The only way you view this otherwise is if YOU have an OS bias. And are
            overly sensitive to people preferring alternatives.
            SpiritusInMachina
          • Try reading the whole posts - titles included

            So his implying that all Windows machines were "virusware" as he did in the title of his post is supposed to NOT be mindless mudslinging? How? Care to justify that for me please? Even considering his statement that Linux is free and secure I didn't see any intelligent proof offered in his post to back his title statement up. I don't see how it can't be anything but mindless mudslinging no matter how you spin it - no better than the post he was replying to, or any of the previous posts in this chain of responses either for that matter.

            Like I said in my previous post: there's offenders in every OS camp. How is that being "overly sensitive to people preferring alternatives"?
            wcb42ad
          • I did

            While the title was unnecessary, as a statement it is not false. Total
            number of Windows viruses for all variants of the OS vs total number
            of Linux viruses for all variants of that OS. It is not even a fair fight.

            And given MS' Johnny-come-lately attitude to security, where
            monetization of ports has always been more important than locking
            down the OS, I fail to see what is worth defending. In fact, although
            Win7 IS a decently secure platform, it is not because of MS' deep-
            seated commitment to security, it is due to the outcry in the market
            and slipping numbers. MS had to be dragged kicking and screaming to
            the OS security party. Their capitulation was profit driven, not
            philosophy driven.
            As are all their considerations.
            SpiritusInMachina
        • you...

          you, sir, are an ass. how about actually using linux first before you start spewing your crap all over the internet?
          crabbypup
          • "takes one to know one" much?

            you call me an a$$, what's bad is I acted just like your propeller head brother use_more_oil_now ...so what does that say about you? your community? this blog was about Google and Chrome - no mention of Microsoft anywhere, and there's no need to start touting off about the many distro's of linux...this blog is about one...Chrome

            so call your fellow linux idiot an ass before you address me...

            BTW...i've used linux, that's why I said it SUCKS; i'm speaking from experience
            IAmLegion20ll
          • Sure ya have

            "BTW...i've used linux, that's why I said it SUCKS; i'm speaking from experience"

            And you were prolly too dumb to get it to work. A typical reaction to failure, hence all the negative spam.
            Wintel_BSOD