News

Google Pwnium hacking contest backed with $2 million in rewards

Robert Westervelt, News Director

Google is sponsoring a second Pwnium contest to reward bug hunters for hacking into systems and up to $2 million in rewards are available to those who can demonstrate a working exploit.

    Requires Free Membership to View

We’re happy to make the web safer by any means -- even rewarding vulnerabilities outside of our immediate control.

Chris Evans, software engineer, Google Inc.

Pwnium 2 competition will be held in October at the Hack In The Box security conference in Malaysia. The search engine giant will put the latest stable version of its Chrome browser in front of hackers. The underlying operating system and drivers will be fully patched and running on an Acer Aspire V5-571-6869 laptop, Google said in a blog entry announcing the Pwnium 2 contest details.

"We’re happy to make the web safer by any means -- even rewarding vulnerabilities outside of our immediate control," wrote Chris Evans, a Google software engineer in the Chromium blog.

Google will reward $60,000 for a full Chrome exploit using only bugs in Chrome itself; and $50,000 for a partial Chrome exploit using Chrome itself and other browser or Windows vulnerabilities such as Webkit or kernel-level flaws. A $40,000 prize would be rewarded for a non-Chrome exploit for a bug in Flash, Windows or a driver. In addition incomplete or unreliable exploits may also receive a prize, Google said. "Our rewards panel will judge any such works as generously as we can," wrote Evans.  

Google extended its Chromium Security Rewards Program in February with the introduction of the Pwnium hacking competition at the CanSecWest 2012 conference in Vancouver BC. Pwnium ran alongside the HP-TippingPoint Pwn2Own contest and rewarded researchers with $1 million worth of rewards. The company is one of several companies, including Mozilla and Facebook, which offer bug bounty programs. Microsoft remains opposed to a vulnerability rewards program.

At CanSecWest, Vupen Securitytook down Chrome in the first five minutes of the competition, enabling the researchers to use the attack to bypass the sandbox as well as DEP and ASLR restrictions in Windows. A flaw in Google Chrome was also successfully during Pwn2Own, enabling a researcher to bypass the browser sandbox and gain access to the system.

"We received two submissions of such complexity and quality that both of them won Pwnie Awards at this year’s Black Hat industry event," Evans wrote of the first Pwnium competition. "Most importantly, we were able to make Chromium significantly stronger based on what we learned."  


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: