Posted January 29, 2010 2:59 pm by with 5 comments

Tweet about this on TwitterShare on LinkedInShare on Google+Share on FacebookBuffer this page

Everybody wants free money, right? Well, here’s one way to get it: find a bug in Google Chrome or Chromium, the open source code database behind the browser. Google is offering intrepid developers from $500 for pointing out “select interesting and original vulnerabilities.” The maximum award is $1337—no, seriously. You guys are just so freaking funny.

Of course, not just any bug will do—no need to spell check the GUI. The goal is to minimize security vulnerabilities in the browser, so only bugs along those lines will be eligible. They’re focusing on “high and critical impact” bugs, but “clever vulnerabilities” of any security level could be rewarded as well. To submit the bug, just use the usual Chromium bug tracker with the Security Bug template.

The maximum payout, of course, is reserved for bugs whose impact would be severe if not fixed. The dollar amount is a “clever” nod to the leet speak used among hackers. In the blog post, Google gives a nod to their inspiration, the Mozilla vulnerability reward program.

Most developers will be eligible to participate, however, “residents of countries where the US has imposed the highest levels of export restriction (e.g. Cuba, Iran, North Korea, Sudan and Syria)” cannot receive rewards, nor can minors (though Google says they’ll work with an adult representing a minor). Participants are also asked not to publicly disclose reported bugs until Google addresses them—then they’re free to speak openly.

What do you think? Did your weekend plans just change 😉 ?


  • Pingback: Free Cash: Find a Bug in Google Chrome | Daily Hot Topic()

  • Auto Tweet

    Have ‘they’ cracked?

    It’s the internet version of ‘come and get me’! Inviting people to snoop and rewarding them for it. At least google will get some free testing.
    .-= Auto Tweet´s last blog ..How to Get Started on Twitter and Facebook =-.

    • Jordan McCollum

      Quite the opposite. They’re using sophisticated developers to identify and report vulnerabilities in their software so they can fix them before someone else exploits them. What’s stupid about that?

  • Reel Corner

    Wow! This is interesting. I’ll use Chrome now and find some bugs for real cash!
    .-= Reel Corner´s last blog ..Hello world! =-.

  • Nitesh Patel @techmadly

    nice information mate
    i will try to find out some … but my chrome just fine
    .-= Nitesh Patel @techmadly´s last blog ..List of 17+ SEO and Webmaster tools =-.