
Calling all hackers: Google would like to reward you for breaking it

All you have to do is find a zero-day vulnerability. No big deal.


Aaron Sankin


Posted on Jan 24, 2014   Updated on May 31, 2021, 8:19 pm CDT

In an effort to improve security, the tech behemoth is inviting hackers of all stripes to find vulnerabilities in the Chrome operating system. The people who successfully find a hole in the company’s security will be rewarded with a portion of a $2.7 million pie.

The precise circumstances of this offer, however, are a bit more controlled than the most powerful tech company on the planet issuing a blanket challenge to the entire hacking world. If an enterprising hacker wants a piece of the prize money, he or she is going to have to head over to the CanSecWest Applied Security Conference being held in Vancouver, Canada this March and register for Google’s fourth annual Pwnium competition.

The program is an effort by Google to crowdsource its security procedures to minimize zero-day exploits, attacks based on previously unknown vulnerabilities in its systems. As such, winning hacks have to be based on a previously unreported bug in the Chrome OS or other software drivers, work on an HP Chromebook 11 or an Acer Intel Chromebook, and be accessible through the Chrome browser.

Individual rewards for a hack range between $110,000 and $150,000 with the total combined amount of the pot stretching up to $2.71828 million. In true nerdy Google fashion, 2.71828 is Euler’s number (represented as e), a mathematical constant that serves as the base of the natural logarithm.

The first two years Google held Pwnium, hackers found vulnerabilities, which were quickly fixed with patches. However, as Engadget reports, no one was able to breach Chrome’s security during last year’s competition, despite the company offering a $3.14159 million bounty. Apparently, all of Google’s prize dollar values are also math jokes.

Google has a standing offer for people who report exploitable bugs, which was raised from $1,000 to $5,000 in the latter portion of last year. The company has thus far given out over $2 million as part of its bounty program.

While Google’s monetary rewards for hackers interested in helping it close holes in the security of its products are nothing to scoff at, hackers willing to sell their discovery of exploitable bugs to the highest bidder are often able to find more lucrative rewards elsewhere. As Chaouki Bekrar, CEO of French security firm Vupen, told Forbes, dishing details of novel hacking techniques to governments around the world is a very profitable business—especially when pitting multiple spy agencies against each other to incite bidding wars. “We wouldn’t share this with Google for even $1 million,” Bekrar explained. “We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers.”

On a possibly related note, residents of Italy, Brazil, Quebec, Cuba, Iran, Syria, North Korea, and Sudan are not eligible to participate in Google’s challenge.

The registration deadline for the competition is 5pm on Mar. 10.

Photo by Xhacker/Wikimedia Commons

*First Published: Jan 24, 2014, 8:08 pm CST