Google Will Pay You $100,000 to Hack a Chromebook

If you can hack a Chromebook remotely, you might get a fat check from Google. The Chrome security team has doubled its top "bug bounty" to $100,000, payable to the first person who compromises a Chromebook or Chromebox machine through the Web.

The catch is that the compromise has to work on Chrome OS's limited Guest mode and survive a system reboot — or, in hacker terms, achieve persistence.

Until yesterday (March 14), Google offered only $50,000 for the top prize in its Chrome Reward Program. In a post on the Google Security Blog, two Chrome development staffers said no one had submitted a working entry.

Guest mode on Chrome OS disables most browser extensions and apps, and, like Incognito mode, prevents the retention of browsing histories and cookies. Unlike the regular user, who signs in with a Google account, a guest user has very little leeway to alter anything about the machine.

If a hacker managed to compromise guest mode on a Chromebook with persistence, it would be a severe failure of Chrome OS security — which is why the Chrome developers want to see if it can be done.

"Great research deserves great awards," the developers wrote in their blog post. "We’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool."

Other bug bounties applicable to both Chrome OS and the Chrome browser range from zero to $15,000.

Bounty programs like Google's are arguably in the public interest. (Other tech companies, such as Facebook, offer similar prizes.) Paying researchers and would-be hackers to discreetly disclose information about software flaws and possible exploits directly to developers is a win-win scenario. The hacker gets a chance at a big payoff, and the company gets a chance to fix its software.

The alternatives would be unfettered public disclosure of unpatched flaws, which benefits no one, or back-channel exploit sales to online criminals or nation-state intelligence agencies, which keeps a company in the dark and its clients vulnerable to attack.

Author Bio
Andrew E. Freedman
Andrew joined in 2015, reviewing computers and keeping up with the latest news. He holds a M.S. in Journalism (Digital Media) from Columbia University. A lover of all things gaming and tech, his previous work has shown up in Kotaku, PCMag and Complex, among others. Follow him on Twitter @FreedmanAE.
  • Tomstah Says:

    I feel mine might've been hacked, but this is after me messing around with it developer mode. Can't sign in anymore and in guest mode if you load a page, it stays until it finishes loading then does the `Oh, Snap` error. Honestly I'm not sure though, but it does seem a bit too 'targeted' for a glitch.

  • Sharp Mind Says:

    Yahooo. I hacked a chrome book.

  • Amrit raj Says:

    First give me a Chromebook, then I will think about it

  • Grinners Says:

    Bounty programs like Google's are arguably in the public interest. <- there is no argument about it.
