Google has doubled the bounty for anyone that successfully hacks its Chrome OS to $100,000.
Last year, Google introduced a $50,000 bug bounty reward for the persistent compromise of a Chromebook in guest mode. But the company’s security team says it has not received a single successful submission and has therefore decided to up the ante to $100,000 (around £70,000).
"Since we introduced the $50,000 reward, we haven’t had a successful submission," Google said in a blog post. "That said, great research deserves great awards, so we’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool."
Google describes what is needed for the top reward: the compromise, delivered through a web page, must persist in guest mode even when the Chromebook is rebooted.
As part of its expanded bug bounty programme, Google has also added a Download Protection Bypass bounty, which means it's offering cash money rewards for methods that bypass Chrome’s Safe Browsing download protection features. The reward for this is a mere $1,000, though.
There are three qualifying rules in place:
- Google will only accept reports about issues that it is unaware of. In a case of multiple reports on the same issue, the first submission will be considered as the first bug report.
- Security bugs disclosed to other parties in the context of fixing the issues will qualify for the reward, but if the information is shared to mislead or for any other reason, the applicant will be rejected then and there.
- Under the “Trusted Researcher Program”, if any developer finds a bug and Google itself is unable to find the same bug within 48 hours, only then the developer will be entitled to the reward.
So far, Google boasts, it has paid out more than $2m in bug bounty rewards.
To hear more about security challenges, the threats they pose and how to combat them, sign up for V3's sister site Computing's Enterprise Security and Risk Management conference, taking place on 24 November.
And, yep, it'll run Android rather than RiscOS
US engineering giant's cost-cutting outsourcing plan is on the rocks, according to insiders
HP Envy X2 laptop only affordable if you've got loadsamoney
Counterfeit code-signing certificates enabling hackers to hide malware being sold by cyber criminals
Certificates can be used as part of layered obfuscation to evade detection by anti-virus software