Google has once again upped the ante for bug hunters concentrating on Chrome, and is now offering $100,000 to anyone capable of achieving a compromise of a Chromebook or Chromebox (the desktop variant of the Chromebook laptop) with device persistence in guest mode (i.e. guest to guest persistence with interim reboot, delivered via a web page).
“Since we introduced the $50,000 reward, we haven’t had a successful submission. That said, great research deserves great awards, so we’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool,” the company announced on Monday.
Chromebook is Google’s pride and joy, and when it comes to security, it offers multiple layers of protection (automatic updates, sandboxing, verified boot, data encryption, recovery mode).
“Google’s increase of awards I believe shows that the company is seeing significant ROI from the program,” Ken Westin, Security Analyst for CyberSecurity.io, told Help Net Security.
“By reaching out to broader security community they are able to access a larger talent pool around the world to review their security. In many respects you cannot hire some of this kind of talent. By increasing the bounty they are also being cognizant of the amount of time and resources some of these folks to find these vulnerabilities. This will help keep the community motivated and in general help them with thought leadership in security.”