
Googling Google

Christopher Dawson

Google dangles the Chrome carrot

By | January 30, 2010, 10:06am PST

Do you think you can find a hole in the Google Chrome browser? Google’s willing to pay you between $500 and $1337 (clever) for each and every one found. This challenge is Google’s way of showing confidence in its browser, and at the same time getting security experts to give the open source browser a once-over.

Any security-related bug classified as high or critical priority in the open source Chromium or Google Chrome branch (stable, beta and dev) qualifies for the prize.

That said, $500 to $1337 isn’t a lot of money: some zero-day exploits can be sold on the black market for hundreds of thousands of dollars. It will be interesting to see if security experts take the bait on this one.


Garett Rogers has always had a deep interest in computers and the Internet, which led him to a degree in Computer Information Systems. He is currently employed as a programmer for iQmetrix.

Disclosure

Garett Rogers

Garett Rogers is employed as a programmer for iQmetrix, which specializes in retail management software for the wireless industry. He has no other formal associations with any software or hardware companies.

Biography

Garett Rogers

Garett Rogers has always had a deep interest in computers and the Internet, which led him to a degree in Computer Information Systems. He is currently employed as a programmer for iQmetrix, which specializes in retail management software designed specifically for the cellular and electronics industry.

Garett's journey into Google started with his employer asking him to "get a better rank on Google." Diving into search engine optimization sparked his curiosity for how things work and led him to create a blog dedicated to what interests him most--Google.

46
Comments

File this under "Stupid PR tricks"
Johnny Vegas 30th Jan 2010
yawn.... been done before but never been of any value...
0 Votes
+ -
RE: Google dangles the Chrome carrot
Loverock Davidson 30th Jan 2010
Google is trying to bribe people to fix the holes in their browser for them. Apparently Google's staff are that incompetent to do it themselves, but that is what you can expect from Google's employees who only want to sit around playing with office toys all day.
0 Votes
+ -
I found two!
Marcos El Malo 30th Jan 2010
I've found two related "holes" in Chrome, where do I collect my money?

I have discovered a hole in Chrome that allows installation of two similar
pieces of malware, namely Flash and Silverlight.

(PS: I love you, Loverock. You're my favorite common tater.)
You got the nail hit right on the head. Chrome NEEDS something like NoScript, that allows you to block ALL scripts on certain websites.... that is how I avoid bad websites in Opera and Firefox with Noscript installed..... just put them on the 'blocklist' in Opera and in NoScript and DONE!
0 Votes
+ -
Actually Google is not bribing people to fix the holes, simply to see if they can find any.

This type of idea is actually a responsible thing to do as it
provides a healthy form of "peer review".

Even the best of programmers can become code blind in the
course of a project, so those many second pairs of eyes
can spot not only obvious oversights, but probably more
importantly unique methods of attack that might not occur
to even the best of programmers.
0 Votes
+ -
It is called paid beta testing
Rama.NET 30th Jan 2010
The same thing as beta testing but you get token paid. If I were Google, I
would have offered Chrome OS based netbook for each tip that these
testers would give instead of $. For most of the engineers working in
OSS stuff $ is not the criteria, it is ego satisfaction.
--Ram--
0 Votes
+ -
...any programmer / developer / software
engineer who's worked on a large scale project
should be familiar with.

It is not Google being lazy, it's part Google
saying their browser is secure, and if not then
we'll pay you to tell us so we can fix it.

It makes good sense from a security &
development standpoint.
0 Votes
+ -
Chrome is spyware. Don't use it!
sadly2010 30th Jan 2010
$oogle spies on you and sells it to spy agencies.
0 Votes
+ -
MS is virusware
Use_More_OIL_NOW 30th Jan 2010
Linux distro's are free and SECURE!
0 Votes
+ -
linux is sh*tware
IAmLegion20ll 30th Jan 2010
there's a reason it's free, it SUCKS!
  • Flagged
0 Votes
+ -
Wonderful
rahbm 31st Jan 2010
What a delight to read such an even-handed, introspective, and well
thought out analysis of the merits of Linux.

It is always a pleasure to find such a gem instead of the usual mindless
mud-slinging perpetrated by the MS bigots and shills.
0 Votes
+ -
They all report to security agencies
Uralbas 31st Jan 2010
It's their job, to keep us from danger. Now if you don't want to do so, you have the choice of Linux, where you can tweak the code to your heart's content.

But for that you have to know c++ and gtk or some other library.

Lol, your cellphone and car and cards tell spy agencies where you are and what you do and what you buy. So what's the problem with Chrome, it beats Firefox and works great, IE gives you viruses so, if you have nothing to be afraid of, why not use Chrome.

On the other hand, if you do things that need to be kept under cover, use IE, you will still be reported and you will be less efficient at it.
Right, and the post he was responding to by Use_More_OIL_NOW was even-handed, introspective, and well thought out? Mindless mud-slinging isn't just perpetrated by the MS crowd. There's offenders in every OS camp.
0 Votes
+ -
Even-handed and introspective
DeusExMachina 1st Feb 2010
"Linux distro's are free and SECURE!"

How is that mindless mudslinging? It is simply a statement of fact.
Windows could be the best OS ever, and 100% impenetrable, and it would
not change the fact that Linux is free and secure.
The only way you view this otherwise is if YOU have an OS bias. And are
overly sensitive to people preferring alternatives.
0 Votes
+ -
So his implying that all Windows machines were "virusware" as he did in the title of his post is supposed to NOT be mindless mudslinging? How? Care to justify that for me please? Even considering his statement that Linux is free and secure I didn't see any intelligent proof offered in his post to back his title statement up. I don't see how it can't be anything but mindless mudslinging no matter how you spin it - no better than the post he was replying to, or any of the previous posts in this chain of responses either for that matter.

Like I said in my previous post: there's offenders in every OS camp. How is that being "overly sensitive to people preferring alternatives"?
0 Votes
+ -
I did
DeusExMachina 3rd Feb 2010
While the title was unnecessary, as a statement it is not false. Total
number of Windows viruses for all variants of the OS vs total number
of Linux viruses for all variants of that OS. It is not even a fair fight.

And given MS' Johnny-come-lately attitude to security, where
monetization of ports has always been more important than locking
down the OS, I fail to see what is worth defending. In fact, although
Win7 IS a decently secure platform, it is not because of MS' deep-
seated commitment to security, it is due to the outcry in the market
and slipping numbers. MS had to be dragged kicking and screaming to
the OS security party. Their capitulation was profit driven, not
philosophy driven.
As are all their considerations.
0 Votes
+ -
you...
crabbypup 1st Feb 2010
you, sir, are an ass. how about actually using linux first before you start spewing your crap all over the internet?
0 Votes
+ -
"takes one to know one" much?
IAmLegion20ll 2nd Feb 2010
you call me an a$$, what's bad is I acted just like your propeller head brother use_more_oil_now ...so what does that say about you? your community? this blog was about Google and Chrome - no mention of Microsoft anywhere, and there's no need to start touting off about the many distros of linux...this blog is about one...Chrome

so call your fellow linux idiot an ass before you address me...

BTW...i've used linux, that's why I said it SUCKS; i'm speaking from experience
  • Flagged
0 Votes
+ -
Sure ya have
Wintel_BSOD 3rd Feb 2010
BTW...i've used linux, that's why I said it SUCKS; i'm speaking from experience

And you were prolly too dumb to get it to work. A typical reaction to failure, hence all the negative spam.
happy

And both provide cloud services, which means they are leeches. Their terms of service contracts give them a free helping hand to the intellectual property people work hard to create. No thanks, people should profit for themselves. Not for big leeches.
0 Votes
+ -
Chrome is not spyware
Lerianis10 31st Jan 2010
And they have had that thing that people were calling 'spyware' turned off in Chrome since version 3..... which was 2 versions ago and a 1 1/2 years ago, if you are using the Developer version like I am.
0 Votes
+ -
$oogle is spyware company!
sadly2010 31st Jan 2010
Don't install its s/w.
0 Votes
+ -
Then use SRWare's Iron...
DevJonny 1st Feb 2010
...which is a fork of the Chromium source code, in
the same way that Chrome is a fork of Chromium.

http://www.srware.net/en/software_srware_iron.php
0 Votes
+ -
Yes, but ...
BrentRBrian 30th Jan 2010
... do I get to tell everyone it is MINE because I made a suggestion, like Win7 ... ?
0 Votes
+ -
Google Chrome OS is the FUTURE
Use_More_OIL_NOW 30th Jan 2010
Like it or not, the end is coming for 'end' users
at Corps & companies having 'data storage' on their
machines. Big Corps will push this endeavor, once
that happens the dominoes fall.

I *want* my data on my machine because I customize
my Linux distro and build it myself. However, I know
the end is coming on this, 10 years from now
operating systems on devices laptops/netbooks/workstations or
whatever will be a distant memory.
0 Votes
+ -
Great
Cylon Centurion 31st Jan 2010
Then I will stop using computers.
0 Votes
+ -
Great
Cylon Centurion 31st Jan 2010
Then I will stop using computers. There are things that should just not have a home inside a browser.

Nothing can ever replace a full featured OS.
0 Votes
+ -
Sure thing. OK. I hope you'll excuse me if
AllKnowingAllSeeing 31st Jan 2010
I don't run out and place any real money on that prediction, OK?
0 Votes
+ -
Chump change
Takalok 30th Jan 2010
And I suspect Google knows it. It makes for a great PR play - "Oh, we offered cash rewards for security wholes, but nobody found any."

Don't make me laugh. $500 for a security whole? They're not serious, and they're not interested in anyone trying.
0 Votes
+ -
Good point
rahbm 31st Jan 2010
To find a security hole in Chrome would take some truly serious effort,
and thus would be worth far more than just $1337. However, this offer
has obviously been aimed at amateur hackers who would be doing it
mainly for the kudos.

On the other hand, if MS offered $500 per security hole in IE, then
anyone with a little talent and dedication could become seriously rich!
0 Votes
+ -
(how embarrassing)
Takalok 1st Feb 2010
I wasn't drinking when I posted - really..... I think
0 Votes
+ -
Comparing spammers with trolls
rahbm Updated - 31st Jan 2010
Looking at the spam posts (since removed), after flagging
them, I was struck by how close the literacy level of
spammers is to that of many of the MS trolls on here.

I wondered if they all came from the same people.

On reflection, however, I doubt it, as the spam posts -
despite their annoyance level - are actually more interesting
and likely more factual. They are certainly less offensive.
0 Votes
+ -
RE: Google dangles the Chrome carrot
sattary2010 31st Jan 2010
http://www.ase.com.jo/
Google chrome is not compatible with some websites that
means they have problems opening some websites
0 Votes
+ -
Advise the webmaster
rahbm 31st Jan 2010
Whenever I find web sites which do not work well, I check that site in
Firefox, Opera, Safari, and Chrome, and let the webmaster know that the
web site does not render properly in browsers using industry standards.

On the other hand, if a site only fails in one of them, I let the browser
supplier know so they can rectify the browser issue, if appropriate.
0 Votes
+ -
RE: Google dangles the Chrome carrot
sattary2010 31st Jan 2010
and some crashes in pages
kill page error its a big problem am talking about these
problems because i like google chrome and want to solve it
for the best of it
0 Votes
+ -
RE: Google dangles the Chrome carrot
sattary2010 31st Jan 2010
add-ons applications its very important add-ons some
times useful so try to work on it too
regards
0 Votes
+ -
RE: Google dangles the Chrome carrot
trgibson4343 31st Jan 2010
Boy talk about holes there are so many, I could drive a truck through them.
I keep getting malware attacks - Thank GOD for malwarebytes - I have taken chrome off of all 3 of my machines.
BAD GOOGLE
0 Votes
+ -
RE: Google dangles the Chrome carrot
sirpaul1 1st Feb 2010
'Honest' people probably aren't going to find the exploits in the first place. 'Dishonest' people can make more money from other 'customers' or use the exploits to further their own goals.
I've been told by people who know a lot more than I do about programming not to use Chrome, IE or Safari because of the ease of overcoming security issues.
Not to say that Firefox or Opera don't have any issues, but they both take care of them in a more timely manner.
The first exploit took Google 2 months to fix (after 4 months of denial). Six months is NOT acceptable! Why not offer that expense and actually get something done?
0 Votes
+ -
Who you calling dishonest?
DeusExMachina Updated - 3rd Feb 2010
You clearly have no idea how the field of security research works.
"'Honest' people probably aren't going to find the exploits in the first
place. 'Dishonest' people can make more money from other
'customers' or use the exploits to further their own goals."

So what you are essentially saying is that all security researchers are
dishonest or stupid. The honest ones are too stupid to find problems,
and the smart ones all do it for cash.
In reality, the vast majority of security work is done at universities and
research centers, by honest researchers, who are already quite well-
paid by their respective institutions. The money is NOT there to satiate
their greed. It is there as a bonus for work they would have done
anyway, and as a material acknowledgement of their achievement.
It is actually a common industry practice.
0 Votes
+ -
$1337 (clever)
cwallen19803@... Updated - 1st Feb 2010
why is $1337 clever?
0 Votes
+ -
1337 = "Leet" in techno jargon..
Narg Updated - 1st Feb 2010
1337 is hacker speak for "Leet" which is short for "Elite" or special, top, best, etc etc.
0 Votes
+ -
1337!
TheDragonchk 1st Feb 2010
Oh yes, This is quite funny that they chose that
amount. happy
0 Votes
+ -
If you want to use Chrome with total privacy use SRWare Iron. It's free, and I think it's faster. I'm using a Vista OS with IE7. Try it, you'll like it.
