If you’re an active member of your nearest hacking community, put your skills to the test in Google’s upcoming “Pwnium” competition. The search-giant announced on Monday it will once again sponsor rewards for anyone who can come up with Chrome exploits at the CanSecWest security conference March 7 – 9.
Users who demonstrate a “Full Chrome exploit” using only bugs found in Chrome itself to gain access to Windows 7 user permissions will receive a sum of $60,000. There’s also a “Partial Chrome exploit” for anyone who achieves user permissions through both Chrome and Windows bugs. Finally, Google will offer a $20,000 “consolation reward” for an exploit using Chromium to utilize bugs found in either Flash or Windows only.
The rewards will be issued on a first-come-first-served basis up to the $1 million limit per category, so there’s plenty to go around, it seems. “We require each set of exploit bugs to be reliable, fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely “0-day,” i.e. not known to us or previously shared with third parties,” the Google Chrome Security Team said.
While exploiting software is typically a frowned upon activity, Google is using the CanSecWest conference as a learning opportunity regarding full end-to-end exploits. “Not only can we fix the bugs, but by studying the vulnerability and exploit techniques we can enhance our mitigations, automated testing, and sandboxing,” Google said. “This enables us to better protect our users.”
I feel safer already.