Google bets hackers £12,500 that Chrome is unhackable

Google is putting its money where its browser is, betting £12,500 that hackers can't breach Chrome. It's upped the ante at the annual CanSecWest Pwn2Own contest, which pits hackers against browsers and smart phones to see which systems are secure -- and which need to sort their security.

Chrome was this only browser left standing at the end of last year's contest, so Google has decided to make things more interesting, sweetening the pot to the tune of $20,000.

Hackers could win that twenty large and a CR-48 Chrome OS laptop if they succeed on the first day, compromising a 64-bit system via vulnerabilities found in Google's code. On the second and third days, Google offers $10,000. Event sponsors TippingPoint ZDI are offering the same amount for non-Google exploits.

Google is so confident because of the way Chrome is 'sandboxed'.  HTML and JavaScript processes are isolated, and each tab is boxed-in separately from the rest of the computer. That means that even if hackers find a bug to exploit, they have to find a way out of the sandbox to actually attack the rest of the system. Escaping the sandbox is so tough hackers shied away from Chrome completely in previous years.

Internet Explorer, Safari, and Firefox will be tested too, potentially earning successful hackers $15,000 from Microsoft, Apple or Mozilla.

Hackers will also be let loose on a selection of mobile devices. The Dell Venue Pro, Apple iPhone 4, BlackBerry Torch 9800 and Google Nexus S by Samsung smart phones will represent the Windows Phone 7, iOS, BlackBerry 6 and Android operating systems. Hackers must be able to compromise data from the phone.

Pwn2Own 2011 takes place on 9 March.

Image: Google Chrome comic by Scott McCloud