Andy Greenberg, Forbes StaffGoogle Offers $3.14159 Million In Total Rewards For Chrome OS Hacking Contest
Google has never been stingy when it comes to paying for information about security vulnerabilities in its products. Now it’s offering an especially large–and especially nerdy–sum of money.
At its third Pwnium hacking competition in Vancouver in March, the company is ponying up a total of $3.14159 million in prizes for hackers who can demonstrate critical security vulnerabilities in its Chrome OS operating system running on a Samsung Series 5 550 Chromebook, according to a notice posted Monday on its Chromium blog. Any participant who can take over a Chromebook user’s browser or entire computer via a malicious Web page can earn a $110,000 payout. And if the hacker can maintain persistent control over the system between reboots of the machine, he or she can win $150,000.
Those prizes are a significant bump over Google’s already generous rewards for hackers who demonstrate flaws in its products and share information to help fix them. Though the total, pi-sized bounty is mostly a marketing gimmick–Google has only ended up paying out a few hundred thousand dollars of its $1 and $2 million dollar total offerings in previous Pwniums contests – its $150,000 reward is $90,000 more than it’s offered in the past for any single hack.
Correction: A previous version of this story stated that the reward was $30,000 more than Google had offered for a single hacking technique in the past. In fact, its maximum payout was $60,000 for a successful Chrome exploit.http://www.forbes.com/sites/andygreenberg/2013/01/28/google-offers-3-14159-million-in-total-rewards-for-chrome-os-hacking-contest/
Thursday, March 7, 2013
Stable Channel Update
The Stable channel has been updated to 25.0.1364.160 for Windows, Mac, and Linux
. This release contains security fixes.
Security fixes and rewards:
Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.
 High CVE-2013-0912: Type confusion in WebKit. Credit to Nils and Jon of MWR Labs.http://googlechromereleases.blogspot.co.uk/2013/03/stable-channel-update_7.html