funsec mailing list archives

Google pwnies up one million dollars for Chrome pwnage/exploits


From: Vic Vandal <vvandal () well com>
Date: Tue, 28 Feb 2012 10:12:27 -0800 (PST)

http://www.computerworld.com/s/article/9224701/Google_puts_1M_on_the_line_for_Chrome_exploit_rewards?source=CTWNLE_nlt_dailyam_2012-02-28

**article excerpt**
Google is ditching that $20,000 maximum scheme, and will put up to $1 million on the line at CanSecWest, said Evans and Schuh.

"We've upped the ante," said the engineers.

For what they called a "full Chrome exploit" -- one that successfully hacks Chrome on Windows 7 using only vulnerabilities in Chrome itself -- Google will pay $60,000, which is equivalent to Pwn2Own's top prize for that three-day contest.

A partial exploit that uses one bug within Chrome and one or more others -- perhaps in Windows -- earns a researcher $40,000. Finally, Google will pay $20,000 for "consolation" exploits that hack Chrome without using any vulnerabilities in the browser itself.

The only limit Google has put on the challenge is a maximum total payout of $1 million. "We will issue multiple rewards per category, up to the $1 million limit, on a first-come-first served basis,"
**excerpt end**

So in reality they may pay out as little as $20K, or nothing at all. Offering $1-million simply ensures more publicity. However it also ensures that some serious bug hunters will compete for those prize payouts.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.