Google is behind both the Pwnium and Pwn2Own competitions
A disagreement over rules saw Google back out of sponsoring the Pwn2Own security competition last year and launch its own, Pwnium. Now through, Google and HP's ZDI, which organizes Pwn2Own, have teamed up once again and Google is more involved than ever.However, while Google is behind the 2013 Pwn2Own competition, it is also running another Pwnium competition, its third.
There is a twist though, since Chrome is already part of Pwn2Own and since both competitions will take place during the CanSecWest conference at the same time, Pwnium will now focus exclusively on Chrome OS.
Google is also bumping up the rewards to make sure people actually show up for the Pwnium 3 competition.
Google is prepared to shell out $110,000, €82,000 for any exploit, served from a web page, that gives attackers access to the Chromebook. This can be from either guest mode or while the user is logged in.
An exploit that can take over the Chromebook, persists even if the device is shut down and rebooted and affects all users, is worth $150,000, €110,000.
Anyone that can demonstrate an exploit which fits in any of the two categories will be eligible to get the prize, as long as the entire exploit is disclosed.
Google has $3.14159 million, €2.3361 million lined up for this. In case you're wondering, those are the first digits of the number pi.
Attackers will have a Samsung Series 5 550 as a target. It's the most expensive Chromebook, but it should make no difference, at the OS level all Chromebooks are virtually identical.
As for the regular Pwn2Own competition, Google is now a full sponsor and will pay part of the rewards for any exploit, i.e. not just those in Chrome.
However, Google was able to get its way and the rules this year are clear, any exploit and the bugs used in it must be revealed in full for it to qualify.