Earlier this year, Google withdrew its sponsorship of the Pwn2Own hacking contest and set up its own Chrome-specific contest called Pwnium at the CanSecWest security conference. Google has decided to try another Pwnium hacking contest, this one in Malaysia.
The $2 million in prize money will be doled out at various reward levels: $60,000 for a full Chrome exploit, $50,000 for a partial Chrome exploit, $40,000 for a non-Chrome exploit, and an undetermined amount for an incomplete exploit.
Chris Evans, Google software engineer, explained that the reward levels are closer together in response to feedback and “reflects that any local account compromise is very serious. We’re happy to make the web safer by any means – even rewarding vulnerabilities outside of our immediate control.”
Evans explained that exploits should be demonstrated against the latest stable version of Chrome. “Chrome and the underlying operating system and drivers will be fully patched and running on an Acer Aspire V5-571-6869 laptop (which we’ll be giving away to the best entry). Exploits should be served from a password-authenticated and HTTPS Google property, such as App Engine. The bugs used must be novel, i.e., not known to us or fixed on trunk. Please document the exploit”, he added.