Google raises ante for next Chrome hacking contest to $2M

16.08.2012
Google yesterday said it will pay up to $2 million for major vulnerabilities in its Chrome browser at a second Pwnium hacking contest this fall.

Pwn2Own, a rival contest sponsored by Hewlett-Packard, will award as much as $200,000 in a mobile-specific challenge slated to run several weeks earlier.

Google's Pwnium 2 will take place at the security conference on Oct. 10 in Kuala Lumpur, Malaysia.

Like the inaugural Pwnium, which Google sponsored in March at the CanSecWest conference in Vancouver, British Columbia, the upcoming challenge will pit researchers against the then-current version of Chrome. Vulnerability and exploit experts who demonstrate exploits of previously-unknown bugs will be eligible for awards of up to $60,000 for each flaw.

For what Google calls a "full Chrome exploit" -- one that successfully hacks Chrome on Windows 7 using only vulnerabilities in Chrome itself -- Google will pay $60,000 -- the same amount it handed out at the first Pwnium.

A partial exploit that uses one bug within Chrome and one or more others -- perhaps in Windows -- will earn a researcher $50,000, a 25% increase over the same category in the CanSecWest contest. Finally, Google will pay $40,000 for any "non-Chrome" exploit that doesn't involve the browser, but reveals a flaw in, for example, Windows or Adobe's Flash Player -- which is bundled with Chrome.