Many companies seek to outsource the finding of vulnerabilities in their products to external hackers, offering monetary rewards in exchange for details on successful hacks that they can fix. In a show that should both display their faith in the security of the Chromebook as well as entice more hackers and security experts to probe the laptops for vulnerabilities, Google has doubled the previous bounty offered for a Chromebook hack to $100,000.
This new and larger reward has a high bar set for anyone wishing to challenge the Chromebook’s security. In order to qualify for the full $100,000 bounty, a hack must be demonstrated that is delivered through a web page accessed in guest mode and have the compromise persist in guest mode, even between boots of the device. The reason this hack is challenging is that while in guest mode, a Chromebook is employing its highest levels of security. A guest user can download files, but is forbidden from installing apps, even those officially released from Google’s store, which circumvents one of the major angles of attack that are used by hackers. Chromebooks are also set to automatically install updates, runs all of its software in sandboxed environments and even has a “verified boot” function, which can detect if the OS is compromised by malware on boot and roll it back to a clean version.
“Since we introduced the $50,000 reward, we haven’t had a successful submission,” Google wrote on their security blog. “That said, great research deserves great awards, so we’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool.” Whether that means that no-one can hack the Chromebook or simply not enough people have tried remains to be seen, but we will have to see whether anyone will be able to claim this bounty in the near future