16 Aug 2012

Google Offers $2 Million in Bounties for Chrome Bugs

Google committed $2 million in prizes for the second Pwnium competition to be held Oct. 10 in Kuala Lumpur offering those who discover Chrome exploits significant cash prizes while helping the company improve Chrome’s reliability.

Doubling rewards from $1 million at the first Pwnium competition in March, hackers should be motivated to search for full Chrome exploits that affect local OS user accounts. First place consists of a $60,000 award, while second and third places earn $50,000 and $40,000. There’s another cash prize for an “incomplete exploit” that will be decided after a panel decision.

“Exploits should be demonstrated against the latest stable version of Chrome. Chrome and the underlying operating system and drivers will be fully patched and running on an Acer Aspire V5-571-6869 laptop (which we’ll be giving away to the best entry.),” writes Google’s software engineer, Chris Evans. “Exploits should be served from a password-authenticated and HTTPS Google property, such as App Engine. The bugs used must be novel i.e. not known to us or fixed on trunk. Please document the exploit.”

Google’s rewards program paid off as the company recently said that “this signals to us that bugs are becoming harder to find, as the efforts of the wider community have made Chromium significantly stronger.”