Hack Google Chrome and get $2 million

Hack Google Chrome and get $2 million

Google developers are doing there jobs assiduously to develop a browser which will become more secure against small hacks. Earlier this year Google conducted first Pwnium contest in which company was given a challenge to all the hackers to leak the security of its open source browser Google Chrome. After that Google got two entries to whom they awarded $120,000. And now according to Chromium Blog, Google is going to host another Pwnium competition, called Pwnium 2. It will be held on Oct 10th, 2012 at the Hack In The Box 10 year anniversary conference in Kuala Lumpur, Malaysia.

Google Chrome challenging Hackers!

This time, company will be sponsoring up to $2 million worth of rewards at the following reward levels:

  • $60,000: “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.
  • $50,000: “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows kernel bug.
  • $40,000: “Non-Chrome exploit”: Flash / Windows / other. Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver.
  • $Panel decision: “Incomplete exploit”: An exploit that is not reliable, or an incomplete exploit chain. For example, code execution inside the sandbox but no sandbox escape; or a working sandbox escape in isolation. For Pwnium 2, Google want to reward people who get “part way” as they could definitely learn from this work. Google rewards panel will judge any such works as generously as they can.

Exploits should be demonstrated against the latest stable version of Google Chrome. Google Chrome and the underlying operating system and drivers will be fully patched and running on an Acer Aspire V5-571-6869 laptop (which we’ll be giving away to the best entry.) Exploits should be served from a password-authenticated and HTTPS Google property, such as App Engine. The bugs used must be novel i.e. not known to Google or fixed on trunk. Please document the exploit. So hackers come and join the contest!

Categories: Internet