Google Will Pay You $100,000 to Hack a Chromebook

  • MORE

If you can hack a Chromebook remotely, you might get a fat check from Google. The Chrome security team has doubled its top "bug bounty" to $100,000, payable to the first person who compromises a Chromebook or Chromebox machine through the Web.

acer chromebook r11 nw g05

The catch is that the compromise has to work on Chrome OS's limited Guest mode and survive a system reboot — or, in hacker terms, achieve persistence.

Until yesterday (March 14), Google offered only  $50,000 for the top prize in its Chrome Reward Program. In a post on the Google Security Blog, two Chrome development staffers said no one had submitted a working entry.

MORE: Best Chromebooks Available Now

Guest mode on Chrome OS disables most browser extensions and apps, and, like Incognito mode, prevents the retention of browsing histories and cookies. Unlike the regular user, who signs in with a Google account, a guest user has very little leeway to alter anything about the machine.

If a hacker managed to compromise guest mode on a Chromebook with persistence, it would be a severe failure of Chrome OS security — which is why the Chrome developers want to see if it can be done.

"Great research deserves great awards," the developers wrote in their blog post. "We’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool."

Other bug bounties applicable to both Chrome OS and the Chrome browser range from zero to $15,000.

Bounty programs like Google's are arguably in the public interest. (Other tech companies, such as Facebook, offer similar prizes.) Paying researchers and would-be hackers to discreetly disclose information about software flaws and possible exploits directly to developers is a win-win scenario. The hacker gets a chance at a big payoff, and the company gets a chance to fix its software.

The alternatives would be unfettered public disclosure of unpatched flaws, which benefits no one, or back-channel exploit sales to online criminals or nation-state intelligence agencies, which keeps a company in the dark and its clients vulnerable to attack.

Author Bio
Andrew E. Freedman
Andrew E. Freedman,
Andrew joined Laptopmag.com in 2015, reviewing computers and keeping up with the latest news. He holds a M.S. in Journalism (Digital Media) from Columbia University. A lover of all things gaming and tech, his previous work has shown up in Kotaku, PCMag and Complex, among others. Follow him on Twitter @FreedmanAE.
Andrew E. Freedman, on
Add a comment
10 comments
  • Jakob Blachly Says:

    I have found numerous bugs in the system but when I report them no one does anything what do they want me to do. Please read this and respond because I find great intreastes in the chromebooks info and I would like to help more but when no one does anything no on will fix anything.

  • michaela thomas Says:

    stop mr laney from hacking google and the games like dress up slither io and others too.

  • michaela thomas Says:

    stop mr laney from hacking google and the games like dress up slither io and others too.

  • Joe Collins Says:

    I like what you are doing here

  • Barb Stepard Says:

    I haven't been able to get any gmail for about 3-4 wks now. When I called gmail tech, after 45 min on phone with him, he told me that my gmail was being hacked at that moment by 3 different people, in Georgia, Phillipines, and Canada, and that to get my gmail acct back, I'd be charged $159. for one year protection, or $259. for 2 yrs. I have not been able to use my Toshiba Chromebook II since that day, except as a guest, because this 'gmail tech' gave me a new password which does not work & I cannot get on with my old one, so I'm screwed...so much for Chromebook not being able to be hacked..oh, 6 months ago I was hacked and had to take my Cbook to computer store to have it stripped. I have never done any banking on this laptop. It's useless to me now, and only 1 & half yrs old.I have Comcast but they can do nothing for me. Thanks for listening. Barb

  • Michael Says:

    So where do i pick up my check?

  • Tomstah Says:

    I feel mine might've been hacked, but this Is after me messing around with it developer mode. Can't sign in anymore and in guest mode if you load a page, it stays until it finishes loading then does the `Oh, Snap` error. Honestly I'm not sure though, but it does seem a bit too 'targeted' for a glitch.

  • Sharp Mind Says:

    Yahooo. I hacked a chrome book.

  • Amrit raj Says:

    First give me a chromobook , then i will think about it

  • Grinners Says:

    Bounty programs like Google's are arguably in the public interest. <- there is no argument about it.

Back to top