Hacking Google Chrome: 2 million dollars up for grabs

For the second edition of the Pwnium hacking competition, Google is offering up to 2 million dollars in rewards.

Google has demonstrated confidence in their web browser’s security against hackers. For the second edition of the Pwnium hacking competition, Google has put up to two million dollars on the table for those who can crack Chrome’s security.

Pwnium 2 will take place on the 10th of October 2012 during the Hack In The Box conference in Kuala Lumpur, Malaysia. Any hacker who uses a Google Chrome vulnerability (and only a Google Chrome vulnerability) to take control of a Windows 7 machine (Acer Aspire V5 laptop) will receive the highest reward possible - 60 000 dollars.

A successful attack uses a bug in Chrome’s code and other security bugs in third party software will receive up to 50 000 dollars. Exploiting a non-chrome vulnerability (via Flash, Windows or any other program) could be worth 40 000 dollars.

Google also reserves the right to study partial executions where they remain in the sandbox (Chrome sandbox protection; isolation from the rest of the system) to determine whether a prize is deserved.

The first Pwnium competition held in March last year (as a side to the CanSecWest conference) had up to a million dollars in prizes. Sergey Glazunov and PinkiePie each received 60 000 dollars for a full exploit which allowed them to take control of a system (Windows 7 machine with Chrome) by getting around the browsers sandbox protection by using bugs in the browsers security. These vulnerabilities we then corrected in less than 24 hours.

Besides Pwnium, Google has also re-priced the rewards for the discovery and reporting of security faults through their Chromium Vulnerability Rewards program.