Google Offering $20k for Chrome Sandbox Exploit

[HardOCP News]

If you want a crack at $20,000 you better brush up on your 1337 |-|4><0r skillz and attend the 2011 Pwn2Own contest.

The prize is part of this year&#8217;s CanSecWest Pwn2Own contest, which will pit some of the world&#8217;s best security researchers and exploit writers against popular web browsers and mobile devices. During last year&#8217;s contest, Google Chrome was the only browser left standing but with the enhanced cash prize &#8212; and publicity that goes along with a successful Chrome netbook hack &#8212; there is a strong likelihood that someone will take aim at Chrome this year.

 

[D-OveRMinD]

MS and Apple:
"PLEASE, no one find our bugs."

Google:
"PLEASE help us by finding any bugs."

 

[Semantics]

MS and Apple:
"PLEASE, no one find our bugs."

Google:
"PLEASE help us by finding any bugs."

? Microsoft plays companies to go though their products and finds issues so they can patch it up before the product is sent out. Google just lets random people find holes and pays them, microsoft pays for a service, google pays for results.

 

[mcginnis]

That's awesome need to dust off them skillz.

 

[munkle]

Apple:
You're doing wrong.

Fixed.

 

[munkle]

Fixed.

doing it*

no edit button is teh suck.

 

[dalec]

The $20k prize is for breaking the Chrome browser, not Chrome OS. The rules even explicitly state that Chrome OS is not an acceptable target; see:

http://dvlabs.tippingpoint.com/blog/2011/02/02/pwn2own-2011

From the section "Target: Web Browsers",

Google CR-48 running ChromeOS (no attacks against this device, it is merely a prize. The Chrome target will be running on the other laptops)

- dale

 

[devil22]

This is just the sandbox if I'm reading this correctly. Afaik, IE's sandbox has never been broken either (well there was a Vista pre-SP1 bug, but besides that...)

 

[rat]

Prediction: Apple will be the first to fall for the 4th year in a row.