Everybody wants free money, right? Well, here’s one way to get it: find a bug in Google Chrome or Chromium, the open source codebase behind the browser. Google is offering intrepid developers rewards starting at $500 for pointing out “select interesting and original vulnerabilities.” The maximum award is $1337—no, seriously. You guys are just so freaking funny.
Of course, not just any bug will do—no need to spell check the GUI. The goal is to minimize security vulnerabilities in the browser, so only bugs along those lines will be eligible. They’re focusing on “high and critical impact” bugs, but “clever vulnerabilities” of any security level could be rewarded as well. To submit the bug, just use the usual Chromium bug tracker with the Security Bug template.
The maximum payout, of course, is reserved for bugs whose impact would be severe if not fixed. The dollar amount is a “clever” nod to the leet speak used among hackers. In the blog post, Google gives a nod to their inspiration, the Mozilla vulnerability reward program.
Most developers will be eligible to participate; however, “residents of countries where the US has imposed the highest levels of export restriction (e.g. Cuba, Iran, North Korea, Sudan and Syria)” cannot receive rewards, nor can minors (though Google says they’ll work with an adult representing a minor). Participants are also asked not to publicly disclose reported bugs until Google addresses them—then they’re free to speak openly.
What do you think? Did your weekend plans just change?