Google doubled the bounty it will pay for a successful exploit of its Chromebook laptop to US$100,000, sweetening the pot in hopes of drawing more attention from security researchers.
The larger reward is intended for someone who finds a persistent compromise of a Chromebook in guest mode, according to Google’s security blog on Monday.
“Since we introduced the $50,000 reward, we haven’t had a successful submission,” Google wrote. “That said, great research deserves great awards, so we’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool.”
In guest mode, Chromebook has its highest defenses up: A guest can download files but can’t install apps, even from Google’s store. Creating malicious applications is one way attackers can try to install malware on a person’s computer.
Google has put in place several security measures to make Chromebooks more secure. It automatically downloads software updates, runs Web pages and applications in sandboxes and does a “verified boot” on startup, which will roll back the OS if it has been tampered with by malware.
Google describes what is needed for the top reward: The compromise, delivered through a Web page, must persist in guest mode even when the Chromebook is rebooted.
The company has also added a reward for attacks that can bypass Chrome’s Safe Browsing feature, which flags potentially malicious URLs.