Google is paying very well for information about security vulnerabilities in its products.
The third Pwnium competition - Pwnium 3 - will be focused on Chrome OS. Google is offering Pwnium 3 rewards for Chrome OS at the following levels, up to a total of $3.14159 million USD:
- $110,000: browser or system level compromise in guest mode or as a logged-in user, delivered via a web page.
- $150,000: compromise with device persistence -- guest to guest with interim reboot, delivered via a web page.
"We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems," Chris Evans of Google Chrome Security Team wrote in a blog post.
Google says the attack must be demonstrated against a base (WiFi) model of the Samsung Series 5 550 Chromebook, running the latest stable version of Chrome OS. Any installed software (including the kernel and drivers, etc.) may be used to attempt the attack.
Pwnium 3 will take place on-site at the CanSecWest conference on March 7.
Google?s hacking contest will take place at the same time as the Pwn2own competition put on by the HP-owned Zero Day Initiative. It will be held at the CanSecWest security conference taking place March 6-8 in Vancouver, BC. This year Google also teamed up with ZDI by working together on the Pwn2Own rules and by underwriting a portion of the winnings for all targets. The contest will pit hackers against a line-up of Web browsers as well as common plug-ins. Participants can earn $100,000 for hacking Google Chrome browser or Internet Explorer 10, $65,000 for compromising Safari, or $60,000 for Firefox.