TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
Google chrome hack me if ya can!
1. Google Chrome: Hack Me If Ya Can!
In a move that I thought was brave, and pretty damn cool, Google invited hackers to try to hack
Chrome. Great idea. Now that’s its a challenge, you’ll have some of the brightest minds helping
you to expose holes in your browser. Well a winner was announced last week and it’s a great
start for Google’s Chrome browser who looks to overtake Internet Explorer as the top browser
choice worldwide.
Sundar Pichai writes on Google+,
“Congrats to long-time Chromium contributor Sergey Glazunov who just submitted our first
Pwnium entry. Looks like it qualifies as a “Full Chrome” exploit, qualifying for a $60k reward.
We’re working fast on a fix that we’ll push via auto-update. This is exciting; we launched
Pwnium this year to encourage the security community to submit exploits for us to help make the
web safer. We look forward to any additional submissions to make Chrome even stronger for our
users.”
In an article from CNET,
2. “In an interview published by CNET sister site ZDNet, Justin Schuh of the Chrome security team
said that Glazunov was able to execute “code with full permission of the logged-on user.” Schuh
called the feat “impressive,” and said that it deserved the $60,000 bounty.
Glazunov is the first person to win cash from Google’s Pwnium competition. The company
launched the contest in late February with promises of awarding up to $1 million to those who
can find security holes in Chrome. The highest $60,000 prize is given only to those who can
obtain “Chrome/Windows 7 local OS user account persistence using only bugs in Chrome itself.”
A $40,000 prize will be awarded to individuals who can target Chrome with one of its own bugs,
plus others found in the operating system. Google’s $20,000 award is given to those who can
find issues without using bugs in Chrome.
“We require each set of exploit bugs to be reliable, fully functional end to end, disjoint, of
critical impact, present in the latest versions and genuinely ’0-day,’ i.e. not known to us or
previously shared with third parties,” Google wrote in its blog announcing the contest.
“Contestant’s exploits must be submitted to and judged by Google before being submitted
anywhere else.”
That’s pretty damn cool because if you look at it from the outside, the hackers are coming from a
place of let me try to get in. The security team is trying to keep people out. What’s really cool is
that you’re getting great minds that are thinking in different playing fields working towards a
common goal. Plus, it gets the community involved. Google has always been about “being
nice”, so this is a way to be nice and let everyone in on some fun. Security is going to be huge
moving forward, especially with e-commerce booming, hackers are more determined than ever
to steal cards and hack accounts. Thank goodness that Google has the stones to say, “Ok, we
built it, now come and try to get in. In fact, we’ll pay you if you can.” Google, I tip my hat to
thee.
About WheresBigFoot: WheresBigFoot is a part of Global Internet Marketing Company
specializing in SEO web marketing and Pay per Click Advertising. Sign up an account today to
advertise your website. Learn more about WheresBigFoot by visiting us at Advertising Pay per
Click, PPC Search and Search Advertising