Google Chrome Slaps Hackers with a £12,500 Gauntlet

Last week Microsoft had to patch up Internet Explorer (again) due to security issues.

As I remarked at the end of that article, I use Chrome and Google is willing to bet £12,500 of its own money that hackers wont be able to crack Chrome.

The challenge is set to take place at the annual CanSecWest Pwn2Own contest – this is the place where browsers and smartphones are taken to the sacrificial altar of hackdom in order to see just how secure their systems are.

Google reckon that their cash is safe as Chrome was the only browser left standing at the end of last year’s contest – hence the $20,000 prize pot.

As well as that very tempting cash prize the triumphant hacker will also get a CR-48 Chrome OS laptop if they manage to do the do on day 1 – the task being to compromise a 64-bit system via any vulnerabilities found in Google’s code. On days 2 and 3 Google is offering $10,000.

Event sponsors TippingPoint ZDI are offering the same amount for non-Google exploits.

Google is so confident because of the way Chrome is ‘sandboxed’. HTML and JavaScript processes are isolated, and each tab is boxed-in separately from the rest of the computer. That basically means that even if a hacker is able to find a way in they still will have to find a way out of the sandbox to actually attack the rest of the system. Escaping the sandbox is so tricksy it has been enough to put hackers off from attacking Chrome – Internet Explorer on the other hand…. 😉

Internet Explorer, Safari, and Firefox will be tested so hackers have a chance of swiping $15,000 from either Microsoft, Apple or Mozilla.

Hackers will also be let loose on a selection of mobile devices. The Dell Venue Pro, Apple iPhone 4, BlackBerry Torch 9800 and Google Nexus S by Samsung will be representing the Windows Phone 7, iOS, BlackBerry 6 and Android operating systems.

Pwn2Own 2011 takes place on 9 March.

Enhanced by Zemanta