by Lekan Olanrewaju
Google announced Monday the launch of a hacking competition, with cash awards of up to $1million for anyone who can hack its Chrome browser during its Pwnium security challenge next week in Vancouver at the CanSecWest conference.
The challenge will run alongside the $15,000 Pwn2Own contest that runs each year at CanSecWest, which challenges researchers to exploit vulnerabilities in fully patched browsers and other software.
Last year, Google offered a $20,000 award in addition to the $15,000 Pwn2Own prize, for anyone who could successfully hack Chrome, but there were no winners, leaving Chrome as the only browser eligible for the Pwn2Own contest which has never been successfully brought down.
“We require each set of exploit bugs to be reliable,” Google wrote on its blog “fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely ’0-day,’ i.e. not known to us or previously shared with third parties.”
The awards are as follows, for up to a total of $1million.
$60,000 – “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.
$40,000 – “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.
$20,000 – “Consolation reward, Flash / Windows / other”: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome.
For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. “Although not specifically Chrome’s issue, we’ve decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer.”