The first Pwnium competition was a huge success. Only two people entered the contest and both of the one the grand prize. Pwnium was created by Google as an alternative to the popular Pwn2Own contest in which hackers are tasked with breaking into devices using browser vulnerabilities.
Google was a big sponsor of the contest, but backed out this year and came up with its own alternative, because hackers are not required to share the code to the exploits they use, explain how they work or even hint at the bugs they are exploiting.
Knowing that its browser has a vulnerability but now knowing what it is and how to fix it is of no use to any browser maker, Hence Pwnium.
Now, Google is already working on Pwnium 2 and, as you can imagine, it's upping the ante. It's doubling it in fact, Google is promising rewards of up to $2 million for any demonstrable exploits in Chrome and the bugs behind them.
"It will be held on Oct 10th, 2012 at the Hack In The Box 10 year anniversary conference in Kuala Lumpur, Malaysia. This time, we’ll be sponsoring up to $2 million worth of reward," Google wrote
The rewards are somewhat similar to those the first time around, but Google is more generous with "lesser" or partial exploits, in an effort to encourage more contributions, not just overly complicated ones. Here's what Google is doling out.- $60,000: “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.
- $50,000: “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows kernel bug.
- $40,000: “Non-Chrome exploit”: Flash / Windows / other. Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver.