Google also added a new class of awards for incomplete exploits. "We want to reward people who get 'part way' as we could definitely learn from this work," Chris Evans, a software engineer on the Chrome security team, said in a Wednesday post to Google's . "Our rewards panel will judge any such works as generously as we can."

The company committed up to $2 million total to Pwnium 2, twice the maximum it . It's unlikely it will end up paying anywhere near $2 million; in March, it wrote checks totaling $120,000, or 12% of the $1 million limit.

To claim any award except in the "incomplete" category, researchers must not only pinpoint the vulnerability but also provide working exploit code to Google.

Evans repeated what Google had said earlier, that the original Pwn2Own was a success. "We were able to make Chromium significantly stronger based on what we learned," he said, referring to the name of the open-source project run by Google that then feeds code into Chrome itself

Both researchers who at the March event -- Sergey Glazunov and someone identified only as "PinkiePie" -- also took home the last month in the "Best Client-Side Bug" category for their Chrome work.