chrome Break Google Chrome, Get Paid up to $2,000,0000!

After increasing the bounties for its vulnerabilities rewards program, Google has announced that it will double the prize pool for its Google Chrome hacking competition.

Good on you Google.

After increasing the bounties for its vulnerabilities rewards program, Google has announced that it will double the prize pool for its Google Chrome hacking competition.

Google has already invited people to break Chrome, for example at last year's Pwn2Own, when it offered US$20,000 to anyone who could break it. At the time no one would accept the challenge. Earlier this year, it split off from Pwn2Own with its own bug-hunting competition, called Pwnium, and increased the top reward — for breaking Chrome using Chrome-specific code — to US$60,000.

As part of the competition, Google set aside US$1 million in total rewards for anyone who wanted to submit multiple exploits.

Google is now organising its second Pwnium and has raised the total prize pool to US$2 million, and increased some of the rewards for exploits.

The top reward still remains at US$60,000, but hackers who are able to break Chrome using non-Chome-specific code or exploits, such as a Windows kernel bug as a springboard, will be rewarded with US$50,000. Previously, this prize was worth US$40,000.

Additionally, exploits directly unrelated to Chrome can be submitted, and are eligible for US$40,000 in rewards. Previously, these were only worth US$20,000. This also means that hackers who find non-Google bugs can still be rewarded for their efforts, even if the owner of the code that they are exploiting has decided not to offer bounties, such as Microsoft.

google(1) Break Google Chrome, Get Paid up to $2,000,0000!

Google is also offering rewards for partial exploits, or those that can't be immediately used. Such examples include exploits that work within Chrome's sandbox, but aren't considered an immediate threat because they don't break the sandbox. Google's judging panel will determine what these partial threats are worth.

Hackers will be required to demonstrate their exploits on the latest stable release of Chrome, running on a patched fully Acer Aspire V5-571-6869 laptop. In addition to the prize money, the hacker responsible for the best entry will also get to keep the laptop.

The other, more important aspect of the competition is that the exploits must be documented. This ensures that Google is able to patch Chrome's vulnerabilities and alert affected vendors.

In the last Pwnium, the two winning entries were both blocked within 24 hours of being demonstrated, and later shared on the Chromium Blog so that anyone could learn from Google's mistakes.