Google is holding its fourth Pwnium hacking contest at a security conference in Canada, in order to find exploits in its web-based Chrome operating system.
Google has announced on its Chromium blog that it will be holding the fourth Pwnium hacking contest in March, at the CanSecWest security conference in Vancouver, British Columbia.
This year, Google has made $2.71828 million dollars of prizes (these digits begin the mathematical constant e, Google notes) available to researchers who can demonstrate exploits in the Chrome OS environment.
This year, like last year at Pwnium 3, researchers must provide the full exploit to Google, with explanations of all the bugs. However, unlike last year, participants at Pwnium 4 will be given the choice between hacking an ARM based HP Chromebook, or an Acer Chromebook based on Intel Haswell microarchitecture. At Pwnium 3, hackers had to work against a Chromebook with an Intel processor.
$110,000 will be granted to a researcher who can demonstrate a browser or system level compromise delivered by a webpage. That number bumps to $150,000 if the exploit is persistent, remaining even after the computer is rebooted.
Google is offering bonuses to people who can demonstrate a “particularly impressive or surprising exploit.” Google further clarified on its blog that “Potential examples include defeating kASLR, exploiting memory corruption in the 64-bit browser process or exploiting the kernel directly from a renderer process.”
The only participant to submit an actual exploit during the 2013 Pwnium was a hacker known only by the codename ‘Pinkie Pie’, a frequenter of Google’s Pwnium events. He walked away with $40,000 that year and $120,000 during the first two Pwniums held in 2012.
2013’s less than impressive turnout practically guarantees that Google will not be spending anywhere near its $2.7 some million dollars on participants, which is already greater than the $3.14159 (Pi) million dollar cashpot it made available for Pwnium 3.
Source: The Chromium Blog