Google offers over $3M for breaking Chrome OS
With $3.14159 prize pool and a completely new target, Google’s Pwnium contest has become an even greater challenge for security researchers out to make a buck from their knowledge and efforts.
The third iteration of the hacking contest is to be held during the CanSecWest security conference taking place March 6-8 in Vancouver, BC.
As one of the targets of HP’s ZDI Pwn2Own contest is Google’s Chrome browser, the company has decided to make its relatively new Chrome OS the main focus of Pwnium.
Successful competitors cam look forward to $110,000 prizes for a browser or system level compromise in guest mode or as a logged-in user, delivered via a web page, or $150,000 for a compromise with device persistence – guest to guest with interim reboot, delivered via a web page.
“The attack must be demonstrated against a base (WiFi) model of the Samsung Series 5 550 Chromebook, running the latest stable version of Chrome OS. Any installed software (including the kernel and drivers, etc.) may be used to attempt the attack,” shared Google security researcher Chris Evans.
Researchers are required to deliver the full exploit plus accompanying explanation and breakdown of individual bugs used. For partial, incomplete or unreliable exploits they will be awarded only partial rewards.
“We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems,” added Evans.