I could propose to offer 1000 BILLIONS to anyone who exploits Chrome and give $1 per exploit too (yeah, I'm not Google, so it's $1 for me).
I think Google is doing that because security companies request such amounts for exploits before Pwn2Own to Google so that Google doesn't look bad.
And Google didn't take VUPEN's offer on all bugs, so VUPEN said they're going to go to Pwn2Own and break Chrome with their known exploits. So Google wants to come out as the good guy.
$20000~$60000 is not $1. The article explicitly states that they're withdrawing from Pwn2Own because of a new disclosure policy on exploits.
Am I missing something? The last I heard about VUPEN & Chrome at Pwn2Own was like a year ago, and they weren't going to tell details on the exploits to anyone but the government. Though I always assumed that latter part was conspiracy theory, didn't think much of it...
I don't really understand what you're saying, but the odds are that they won't have any takers for the $60k and $40k prizes based on previous event history. And I doubt people will bother to break Flash and the plugin sandbox over 50 separate times.
"We will issue multiple rewards per category, up to the $1 million limit, on a first-come-first served basis. There is no splitting of winnings or 'winner takes all'."
http://blog.chromium.org/2012/02/pwnium-rewards-for-exploits...
Snippet of what reward for what sort of hack:
$60,000 - “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.
$40,000 - “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.
$20,000 - “Consolation reward, Flash / Windows / other”: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. Although not specifically Chrome’s issue, we’ve decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer.