back to article Google offers 'INFINITY MILLION DOLLARS' for bugs in Chrome

Google is vastly expanding its popular annual Pwnium hack fest, by allowing hackers to vie try for limitless amounts of cash every day of the year. The contest was previously held once a year at the CanSecWest conference in Canada, with millions in cash on offer to hackers who can take the shine off its Chromium project. The …

  1. Allan George Dyer Silver badge

    Google admits there are INFINITY MILLION bugs in Chrome!

    Remember, $∞ million / $50,000 = ∞ million

    Their next conference venue is the Hilbert Hotel.

    1. Tromos

      Re: Google admits there are INFINITY MILLION bugs in Chrome!

      Have they taken on some ex-Adobe people?

      1. Anonymous Coward
        Anonymous Coward

        Re: Google admits there are INFINITY MILLION bugs in Chrome!

        "Have they taken on some ex-Adobe people?"

        Or maybe poached from Oracle?

    2. big_D Silver badge

      Re: Google admits there are INFINITY MILLION bugs in Chrome!

      Yeah, that was my first thought. $∞ Million = $∞ Billion = $∞

      And I thought that Google were supposed to be math geniuses? :-S

      1. fch

        Re: Google admits there are INFINITY MILLION bugs in Chrome!

        The writer of the story doesn't get it, ∞ clearly is a peanut.

        Now if they'd offer ∞ ∞ , that'd really draw the monkeys !

    3. JeffyPoooh

      Try rendering without crashing for once in your pathetic life...

      Google Chrome browser on a Google Nexus tablet running Google Android.

      Navigate to and watch it crash and burn.

      Infuriating. Useless P.O.S. $250 tablet that DOES NOT WORK. Google's fault, with help from the empty-headed web coders at CBC.

      Google can't code their way out of a damp paper bag.

      1. logistix

        Re: Try rendering without crashing for once in your pathetic life...

        Works fine for me. Maybe you have something else installed causing problems, or a toolbar, or its already been fixed since you posted this? You should have used a link instead to one of your YouTube or pay per click videos/sites to make some money. Next time!

        1. JeffyPoooh

          Re: Try rendering without crashing for once in your pathetic life...

          logistix: "Works fine for me."

          Thus proving beyond a doubt that you're a Google sock puppet. ;-)

          Tablet has been reset six-ways from Sunday. It's Google's fault.

    4. Midnight

      Re: Google admits there are INFINITY MILLION bugs in Chrome!

      Their next conference venue is the Hilbert Hotel.

      I hope they make sure there are no other conferences booked there. The last time I stayed at that hotel they were all out of rooms.

      1. jaime

        Re: Google admits there are INFINITY MILLION bugs in Chrome!

        Won't be a problem since they'll just ask everyone to move up a room to make room LOL!

      2. herman Silver badge

        Re: Google admits there are INFINITY MILLION bugs in Chrome!

        Try Hotel California next time. They always have room.

  2. Adam 1

    If you find one, and it's not fixed in 90 days, can you also sell it to someone else?

  3. Mr C

    incentive & fame&glory vs. keeping exploits secret

    These hacking contest go back many many years,

    It's a good idea to offer money (=incentive) to get other people to find holes they themselves could not find.

    Having said that, the least prolific hackers (or government agencies, <insert favorite here>) are usually the most successful ones, they shy away from publicity and do not seek fame and glory, instead, choosing to keep any discovered holes and exploits closely guarded for these are worth much, much more than what companies are willing to offer.

  4. Anonymous Coward
    Anonymous Coward


    ... is slow and laggy on my Nexus 7 2013

    Please wire the 50k to my Cayman Islands account...

  5. xsf

    $∞ million?

    How is $∞ million different from $∞ ?

    1. Al_21

      Re: $∞ million?

      The "million" annoys me a lot more than I'd like to confess.

    2. Anonymous Coward
      Anonymous Coward

      Re: $∞ million?

      Some infinities are larger than others?

  6. tony2heads

    but everyone knows

    ∞ = -1/12

    Check out the Ramanujan summation

    1. Anonymous Coward

      Re: but everyone knows

      No. "Infinity" and "counting to infinity" (the set 1+2+3+...) are two different things. Counting to infinity = -1/12.

      (IIRC, citation for assistance: )

  7. Zog_but_not_the_first


    Isn't that a googleplex?

  8. hitmouse

    I've been following bugs in Chrome for years without any sight of an attempt to rectify them.

    In a nutshell, any bug that involves Chrome/Google actually recognising non-US dates, temperatures, or other measures simply does not rate.

    1. Tom 38

      That's not a bug, that's a missing feature. Big difference.

    2. Anonymous Coward
      Anonymous Coward

      "Isn't that a googleplex?"

      No - that's too small by infinity or so.

      1. ravenviz Silver badge

        No, you're thinking of a googolplex!

  9. Primus Secundus Tertius

    Simple infinity

    I am surprised hat the 'infinity' image at the top of the article is not a Möbius strip.

    1. Swarthy Silver badge
      Thumb Up

      Re: Simple infinity

      Wow.. good catch. That is a bit of an oops.

    2. Mephistro
      Thumb Up

      Re: Simple infinity

      Well spotted!

  10. Anonymous Coward
    Anonymous Coward

    beeelions of bugs

    That will have to be no more than $1 each or even Google will run out of money, because I keep on finding bugs.

    The latest - today for some reason when I hit the 'home' icon in Incognito mode I get redirected back to the same page I am already on (not my home page). Genius.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

  • Cisco warns of security holes in its security appliances
    Bugs potentially useful for rogue insiders, admin account hijackers

    Cisco has alerted customers to another four vulnerabilities in its products, including a high-severity flaw in its email and web security appliances. 

    The networking giant has issued a patch for that bug, tracked as CVE-2022-20664. The flaw is present in the web management interface of Cisco's Secure Email and Web Manager and Email Security Appliance in both the virtual and hardware appliances. Some earlier versions of both products, we note, have reached end of life, and so the manufacturer won't release fixes; it instead told customers to migrate to a newer version and dump the old.

    This bug received a 7.7 out of 10 CVSS severity score, and Cisco noted that its security team is not aware of any in-the-wild exploitation, so far. That said, given the speed of reverse engineering, that day is likely to come. 

    Continue reading
  • How refactoring code in Safari's WebKit resurrected 'zombie' security bug
    Fixed in 2013, reinstated in 2016, exploited in the wild this year

    A security flaw in Apple's Safari web browser that was patched nine years ago was exploited in the wild again some months ago – a perfect example of a "zombie" vulnerability.

    That's a bug that's been patched, but for whatever reason can be abused all over again on up-to-date systems and devices – or a bug closely related to a patched one.

    In a write-up this month, Maddie Stone, a top researcher on Google's Project Zero team, shared details of a Safari vulnerability that folks realized in January this year was being exploited in the wild. This remote-code-execution flaw could be abused by a specially crafted website, for example, to run spyware on someone's device when viewed in their browser.

    Continue reading
  • Azure issues not adequately fixed for months, complain bug hunters
    Redmond kicks off Patch Tuesday with a months-old flaw fix

    Updated Two security vendors – Orca Security and Tenable – have accused Microsoft of unnecessarily putting customers' data and cloud environments at risk by taking far too long to fix critical vulnerabilities in Azure.

    In a blog published today, Orca Security researcher Tzah Pahima claimed it took Microsoft several months to fully resolve a security flaw in Azure's Synapse Analytics that he discovered in January. 

    And in a separate blog published on Monday, Tenable CEO Amit Yoran called out Redmond for its lack of response to – and transparency around – two other vulnerabilities that could be exploited by anyone using Azure Synapse. 

    Continue reading
  • Makers of ad blockers and browser privacy extensions fear the end is near
    Overhaul of Chrome add-ons set for January, Google says it's for all our own good

    Special report Seven months from now, assuming all goes as planned, Google Chrome will drop support for its legacy extension platform, known as Manifest v2 (Mv2). This is significant if you use a browser extension to, for instance, filter out certain kinds of content and safeguard your privacy.

    Google's Chrome Web Store is supposed to stop accepting Mv2 extension submissions sometime this month. As of January 2023, Chrome will stop running extensions created using Mv2, with limited exceptions for enterprise versions of Chrome operating under corporate policy. And by June 2023, even enterprise versions of Chrome will prevent Mv2 extensions from running.

    The anticipated result will be fewer extensions and less innovation, according to several extension developers.

    Continue reading
  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading
  • Google: How we tackled this iPhone, Android spyware
    Watching people's every move and collecting their info – not on our watch, says web ads giant

    Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG).

    RCS Labs customers include law-enforcement agencies worldwide, according to the vendor's website. It's one of more than 30 outfits Google researchers are tracking that sell exploits or surveillance capabilities to government-backed groups. And we're told this particular spyware runs on both iOS and Android phones.

    We understand this particular campaign of espionage involving RCS's spyware was documented last week by Lookout, which dubbed the toolkit "Hermit." We're told it is potentially capable of spying on the victims' chat apps, camera and microphone, contacts book and calendars, browser, and clipboard, and beam that info back to base. It's said that Italian authorities have used this tool in tackling corruption cases, and the Kazakh government has had its hands on it, too.

    Continue reading
  • Halfords suffers a puncture in the customer details department
    I like driving in my car, hope my data's not gone far

    UK automobile service and parts seller Halfords has shared the details of its customers a little too freely, according to the findings of a security researcher.

    Like many, cyber security consultant Chris Hatton used Halfords to keep his car in tip-top condition, from tires through to the annual safety checks required for many UK cars.

    In January, Hatton replaced a tire on his car using a service from Halfords. It's a simple enough process – pick a tire online, select a date, then wait. A helpful confirmation email arrived with a link for order tracking. A curious soul, Hatton looked at what was happening behind the scenes when clicking the link and "noticed some API calls that seemed ripe for an IDOR" [Insecure Direct Object Reference].

    Continue reading
  • If you're using older, vulnerable Cisco small biz routers, throw them out
    Severe security flaw won't be fixed – as patches released this week for other bugs

    If you thought you were over the hump with Patch Tuesday then perhaps think again: Cisco has just released fixes for a bunch of flaws, two of which are not great.

    First on the priority list should be a critical vulnerability in its enterprise security appliances, and the second concerns another critical bug in some of its outdated small business routers that it's not going to fix. In other words, junk your kit or somehow mitigate the risk.

    Both of these received a CVSS score of 9.8 out of 10 in severity. The IT giant urged customers to patch affected security appliances ASAP if possible, and upgrade to newer hardware if you're still using an end-of-life, buggy router. We note that miscreants aren't actively exploiting either of these vulnerabilities — yet.

    Continue reading
  • Google, EFF back Cloudflare in row over pirate streams
    Ban akin to 'ordering a telephone company to prevent a person from having conversations' over its lines

    Google, EFF, and the Computer and Communications Industry Association (CCIA) have filed court documents supporting Cloudflare after it was sued for refusing to block a streaming site.

    Earlier this year, a handful of Israel-based media companies took to court, accusing it of streaming TV and movie content it had no right to distribute. The corporations — United King Film Distribution, D.B.S. Satellite Services, HOT Communication Systems, Charlton, Reshet Media and Keshet Broadcasting — won the lawsuit after's creators failed to show up to their hearings, and the judge ordered, and each pay $7,650,000 in damages. 

    In a more surprising move, however, the media outfits also won an injunction [PDF] in the United States in April against a slew of internet companies, among others, banning them from aiding in its piracy.

    Continue reading
  • Google has more reasons why it doesn't like antitrust law that affects Google
    It'll ruin Gmail, claims web ads giant

    Google has a fresh list of reasons why it opposes tech antitrust legislation making its way through Congress but, like others who've expressed discontent, the ad giant's complaints leave out mention of portions of the proposed law that address said gripes.

    The law bill in question is S.2992, the Senate version of the American Innovation and Choice Online Act (AICOA), which is closer than ever to getting votes in the House and Senate, which could see it advanced to President Biden's desk.

    AICOA prohibits tech companies above a certain size from favoring their own products and services over their competitors. It applies to businesses considered "critical trading partners," meaning the company controls access to a platform through which business users reach their customers. Google, Apple, Amazon, and Meta in one way or another seemingly fall under the scope of this US legislation. 

    Continue reading

Biting the hand that feeds IT © 1998–2022