Think you've got what it takes to hack the Google Chrome browser? Google has put $20,000 up for grabs for the first person to crack the browser at this year's Pwn2Own hacking contest.
Is Google being overconfident? Perhaps not. Chrome has been on the target list at Pwn2Own since 2009 and so far no one has cracked the browser.
Here are the details:
As mentioned previously, we've upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000 USD. While HP TippingPoint is funding $105,000 of that, we've partnered with Google who has generously offered up $20,000 to the researcher who can best their Chrome browser. Kudos to the Google security team for taking the initiative to approach us on this; we're always in favor of rewarding security researchers for the work they too-often do for free.
A successful hack of IE, Safari, or Firefox will net the competitor a $15,000 USD cash prize, the laptop itself, and 20,000 ZDI reward points which immediately qualifies them for Silver standing. Benefits of ZDI Silver standing include a one-time $5,000 USD cash payment, 15% monetary bonus on all ZDI submissions in 2011, 25% reward point bonus on all ZDI submissions in 2011 and paid travel and registration to attend the DEFCON Conference in Las Vegas.
As for Chrome, the contest will be a two-part one. On day 1, Google will offer $20,000 USD and the CR-48 if a contestant can pop the browser and escape the sandbox using vulnerabilities purely present in Google-written code. If competitors are unsuccessful, on day 2 and 3 the ZDI will offer $10,000 USD for a sandbox escape in non-Google code and Google will offer $10,000 USD for the Chrome bug. Either way, plugins other than the built-in PDF support are out of scope.
Along with the browser contest, there's a separate contest for cracking mobile devices. This year the target devices consist of:
- Dell Venue Pro running Windows 7
- iPhone 4 running iOS
- Blackberry Torch 9800 running Blackberry 6 OS
- Nexus S running Android
I'll put a $20 on Chrome surviving unscathed for another year.