Tuesday, February 2, 2010

Google Paying Up to $1337 for Chrome Bugs


Are you l33t enough to score the $1337?

The Google Chrome browser has been a choice for PC users for some time, and recently it has become an option for Linux and Mac users as well. The related Chromium project, the open source side of Chrome, has opened up a bounty system similar to Mozilla's to interest security researchers and encourage bug squashing.
Here are some of the details from the Q&A in Google's blog post:
Q) What reward might I get?
A) As per Mozilla, our base reward for eligible bugs is $500. If the panel finds a particular bug particularly severe or particularly clever, we envisage rewards of $1337. The panel may also decide a single report actually constitutes multiple bugs. As a consumer of the Chromium open source project, Google will be sponsoring the rewards.
Q) What bugs are eligible?
A) Any security bug may be considered. We will typically focus on High and Critical impact bugs, but any clever vulnerability at any severity might get a reward. Obviously, your bug won't be eligible if you worked on the code or review in the area in question.
Q) What about bugs present in Google Chrome but not the Chromium open source project?
A) Bugs in either build may be eligible. In addition, bugs in plugins that are part of the Chromium project and shipped with Google Chrome by default (e.g. Google Gears) may be eligible. Bugs in third-party plugins and extensions are ineligible.