http://www.computerworld.com/s/article/9224701/Google_puts_1M_on_the_line_for_Chrome_exploit_rewards?source=CTWNLE_nlt_dailyam_2012-02-28
**article excerpt** Google is ditching that $20,000 maximum scheme, and will put up to $1 million on the line at CanSecWest, said Evans and Schuh. "We've upped the ante," said the engineers. For what they called a "full Chrome exploit" -- one that successfully hacks Chrome on Windows 7 using only vulnerabilities in Chrome itself -- Google will pay $60,000, which is equivalent to Pwn2Own's top prize for that three-day contest. A partial exploit that uses one bug within Chrome and one or more others -- perhaps in Windows -- earns a researcher $40,000. Finally, Google will pay $20,000 for "consolation" exploits that hack Chrome without using any vulnerabilities in the browser itself. The only limit Google has put on the challenge is a maximum total payout of $1 million. "We will issue multiple rewards per category, up to the $1 million limit, on a first-come-first served basis," **excerpt end** So in reality they may pay out as little as $20K, or nothing at all. Offering $1-million simply ensures more publicity. However it also ensures that some serious bug hunters will compete for those prize payouts. _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
