Previously, Google has offered prize totals of $1 million, and then $2 million, for hackers who can break its Chrome browser security in one way or another (the amount of compensation depends on the attack type). Now it is raising the total to $3.14159 million (a nod to Pi) for hackers who dare breach its Chrome OS security.
Google will issue Pwnium 3 rewards for Chrome OS at the following levels, up to a total of $3.14159 million USD:
- $110,000: browser or system level compromise in guest mode or as a logged-in user, delivered via a web page.
- $150,000: compromise with device persistence -- guest to guest with interim reboot, delivered via a web page.
The attack must be demonstrated against a base (WiFi) model of the Samsung Series 5 550 Chromebook, running the latest stable version of Chrome OS. Any installed software (including the kernel and drivers, etc.) may be used to attempt the attack.
For those without access to a physical device, note that the Chromium OS developer's guide offers assistance on getting up and running inside a virtual machine.
Pwnium 3 will take place on-site at the CanSecWest conference on March 7.
Written by: James Delahunty @ 3 Feb 2013 15:54