Google is putting $2 million up for grabs if hackers can exploit the Chrome web browser. The Pwnium 2 contest, to be held on October 10 at the 10th anniversary Hack In The Box security conference in Kuala Lumpur, Malaysia, following two successful hacks being demonstrated at the CanSecWest conference earlier this year. The $2 million is divided down into four prize levels.
Hacks using bugs within Chrome and not relying on other system flaws can earn the finder $60,000. A prize of $50,000 will go to those showing a “Partial Chrome Exploit”, where at least one bug in Chrome is used in tandem with other systems, such as a WebKit bug combined with a Windows kernel bug. “Non-Chrome exploits” will also earn $40,000 for anything that doesn’t use any bugs within Chrome, for example in Flash or Windows. A fourth level for “Incomplete Exploits” sees a panel rewarding attempts that either partly work or are unreliable.
Google has a history of rewarding those finding bugs in their products. An update to their Vulnerability Rewards Program in April allowed people to earn up to $20,000 per vulnerability declared, with smaller values such as $3,133.70 and $1,337 for lesser exploits such as cross-site scripting.