Google has ‘rounded up’ the cash prize pool available to Pwnium 3 hacking contestants to $3.14159 million, or π, but hackers will need to break more than the browser to get a piece.
The pi-sized prize pool is just over $1 million larger than the $2 million up for grabs in its second Pwnie contest at the Hack in the Box conference last August. Back then, a young hacker who goes by the name “Pinkie Pie” took out the top level prize of $60,000 for delivering a “full Chrome exploit” on a fully patched Windows 7 machine running the latest release of Chrome.
The third round of its Pwnie competition will happen at CanSecWest conference on March 7 in Vancouver, Canada, but unlike previous competitions Chrome browser exploits are off the prize list.
Instead, hackers will need to develop attacks for Chrome OS -- the OS for Samsung and Acer low-cost Chromebooks -- and top individual prize levels have been raised from $60,000 to $150,000.
“We believe these larger rewards reflect the additional challenge involved with tackling the security defences of Chrome OS, compared to traditional operating systems,” Google Chrome Security Team member Chris Evans wrote in a blog post.
Contestants will be offered $110,000 for a successful exploit delivered by a web page that achieves a browser or system level compromise “in guest mode or as a logged-in user”. A $150,000 prize will be offered for a “compromise with device persistence -- guest to guest with interim reboot, delivered via a web page”.
Hackers will need to demonstrate their attacks against a Wifi-only model of Samsung’s Series 5 550 Chromebook running the latest stable version of Chrome OS. The current beta Chrome OS version 25.0.1364.46 was updated last week.
Chrome browser exploits will still get a showing at CanSecWest but will be run under HP’s Zero Day Initiative (ZDI) Pwn2Own title, for which Google has tipped in some cash.