Google Puts $1 Million, €744,000 on the Line for Chrome Exploits, Ditches Pwn2Own

Google is offering its own prizes in parallel with the popular competition

By on February 28th, 2012 14:31 GMT

Around this time each year, white-hat hackers and security experts get together to try to break the protection in popular browsers, Internet Explorer, Chrome, Firefox and Safari, in the Pwn2Own competition.

Hackers compete for cash prizes and get to keep the laptops they manage to "own." Ever since Chrome was introduced, no one has managed to break it. In fact, no one has tried, focusing instead on other browsers with laser security in the hope that it would be easier for them.

This doesn't mean that Chrome is unbreakable, but it's the same logic that real-life hackers up to no good would employ as well, focus on the most popular and the easier targets.

This year, to make sure that someone at least tries its hand at cracking Chrome, Google is offering up to $1 million, €744,000 in prizes for successful exploits.

There's a catch though, it won't be doing it in the official Pwn2Own competition, instead it will be running its own Pwnium challenge.

The reason for this is simple, new rules for the Pwn2Own competition don't require entrants to disclose the full exploits or even the bugs they used. That defeats the purpose of the whole thing as well as Google's motivation for sponsoring the event.

Google was supposed to offer cash prizes on top of the ones in the proper competition for exploits involving Chrome. It's still doing that, but not as an official sponsor.

There can be more than one winner, but they will be chosen on a first come, first served basis. Google will pay up to $1 million in total in rewards. Here's the full list of prizes Google is offering.

$60,000 [€44,700] - 'Full Chrome exploit': Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.

$40,000 [€29,800] - 'Partial Chrome exploit': Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.

$20,000 [€14,900] - 'Consolation reward, Flash / Windows / other': Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. Although not specifically Chrome’s issue, we’ve decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer
- Google explained.

Comments