Google has doubled the bounty for anyone that successfully hacks its Chrome OS to $100,000.
Last year, Google introduced a $50,000 bug bounty reward for the persistent compromise of a Chromebook in guest mode. But the company’s security team says it has not received a single successful submission and has therefore decided to up the ante to $100,000 (around £70,000).
"Since we introduced the $50,000 reward, we haven’t had a successful submission," Google said in a blog post. "That said, great research deserves great awards, so we’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool."
Google describes what is needed for the top reward: the compromise, delivered through a web page, must persist in guest mode even when the Chromebook is rebooted.
As part of its expanded bug bounty programme, Google has also added a Download Protection Bypass bounty, which means it's offering cash money rewards for methods that bypass Chrome’s Safe Browsing download protection features. The reward for this is a mere $1,000, though.
There are three qualifying rules in place:
- Google will only accept reports about issues that it is unaware of. In a case of multiple reports on the same issue, the first submission will be considered as the first bug report.
- Security bugs disclosed to other parties in the context of fixing the issues will qualify for the reward, but if the information is shared to mislead or for any other reason, the applicant will be rejected then and there.
- Under the “Trusted Researcher Program”, if any developer finds a bug and Google itself is unable to find the same bug within 48 hours, only then the developer will be entitled to the reward.
So far, Google boasts, it has paid out more than $2m in bug bounty rewards.
To hear more about security challenges, the threats they pose and how to combat them, sign up for V3's sister site Computing's Enterprise Security and Risk Management conference, taking place on 24 November.
Infected apps have been downloaded more than 50 million times
Customers of regular price-raising ISP and cable operator claim nationwide outages started on Monday
Pixel 2 smartphones and a Pixel-branded laptop also planned by Google
The moment you've all been waiting for...