Google has updated its bug bounty program and doubled a reward for a particular type of Chromebook exploit. According to the new terms of Google’s bug bounty program, it has doubled the reward on offer to anyone who can compromise the security of a Chromebook in guest mode from US $50,000 to US$100,000.
Google Gives $100,000 To Hack Chromebook:
Google has also added a Download Protection Bypass bounty. In short, the company is offering rewards for methods that bypass Chrome’s Safe Browsing download protection features. The qualifying reward rules are as follows:
Safe Browsing must be enabled on Chrome and have an up-to-date database (this may take up to a few hours after a new Chrome install).Safe Browsing servers must be reachable on the network. Binary must land in a location a user is likely to execute it (e.g. Downloads folder). The user can’t be asked to change the file extension or recover it from the blocked download list.Any gestures required must be likely and reasonable for most users. As a guide, execution with more than three reasonable user gestures (eg: click to download, open .zip, launch .exe) is unlikely to qualify, but it’ll be judged on a case-by-case basis. The user can’t be expected to bypass warnings.The download should not send a Download Protection Ping back to Safe Browsing. Download Protection Pings can be measured by checking increments to counters at chrome://histograms/SBClientDownload.CheckDownloadStats. If a counter increments, a check was successfully sent (with exception to counter #7, which counts checks that were not sent).The binary’s hosting domain and any signature cannot be on a whitelist. You can measure this by checking chrome://histograms/SBClientDownload.SignedOrWhitelistedDownload does not increment.
Google typically offers between US$500 and US$15,000 for reported bugs depending on the quality of reporting. Earlier in January, Google said that it paid well over $2 million (€1.8 million) as bug bounty rewards for security experts around the globe. Ever since the program started in 2010, Google said it paid researchers more than $6 million (€5.4 million).
Δ
