Google rounds up Pwnie prize to $π million for Chrome OS hacks

Google shoves Chrome OS in to the hacker spotlight.
  • Liam Tung (CSO Online)
  • — 29 January, 2013 11:42

Google has ‘rounded up’ the cash prize pool available to Pwnium 3 hacking contestants to $3.14159 million, or π, but hackers will need to break more than the browser to get a piece.

The pi-sized prize pool is just over $1 million larger than the $2 million up for grabs in its second Pwnie contest at the Hack in the Box conference last August. Back then, a young hacker who goes by the name “Pinkie Pie” took out the top level prize of $60,000 for delivering a “full Chrome exploit” on a fully patched Windows 7 machine running the latest release of Chrome.

The third round of its Pwnie competition will happen at CanSecWest conference on March 7 in Vancouver, Canada, but unlike previous competitions Chrome browser exploits are off the prize list.

Instead, hackers will need to develop attacks for Chrome OS -- the OS for Samsung and Acer low-cost Chromebooks -- and top individual prize levels have been raised from $60,000 to $150,000.

“We believe these larger rewards reflect the additional challenge involved with tackling the security defences of Chrome OS, compared to traditional operating systems,” Google Chrome Security Team member Chris Evans wrote in a blog post.

Contestants will be offered $110,000 for a successful exploit delivered by a web page that achieves a browser or system level compromise “in guest mode or as a logged-in user”. A $150,000 prize will be offered for a “compromise with device persistence -- guest to guest with interim reboot, delivered via a web page”.

Hackers will need to demonstrate their attacks against a Wifi-only model of Samsung’s Series 5 550 Chromebook running the latest stable version of Chrome OS. The current beta Chrome OS version 25.0.1364.46 was updated last week.

Chrome browser exploits will still get a showing at CanSecWest but will be run under HP’s Zero Day Initiative (ZDI) Pwn2Own title, for which Google has tipped in some cash.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Tags: Pwnie, hacks, Google Chrome OS

Forget BYOD – it's now BYOC

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory


RSA offers a wide range of strong two-factor authentication solutions to help organizations assure user identities and meet compliance requirements.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).

  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.