Google offers $20k for Chrome hack in Pwn2Own


The fifth Pwn2Own hacking contest is scheduled to kick off at CanSecWest security conference on March 9, and Google (NASDAQ: GOOG) will be throwing in $20,000 to the first researcher that can hack its Chrome web browser. According to the rules announced just this week by sponsor TippingPoint, the first researcher to break into Internet Explorer, Firefox or Safari in the first round will receive $15,000 this year, as well as the machine running the browser. To be clear, there will be one prize per browser.

Successfully hacking Chrome on the first day however, will net the successful researcher a slightly larger prize of $20,000. Of course, Chrome's built-in sandbox does means that two separate vulnerabilities will be necessary--one to escape the sandbox, and another to infiltrate the computer proper. In the spirit of the competition, Google will be throwing in its Chrome-OS based CR-48 as the non-cash component of the prize.

Even if nobody succeeds in the first round, a successful hack in round two and three (held on the second and third day respectively) will still yield a prize of $20,000, though $10,000 of that will come from TippingPoint.

Aaron Portnoy, the manager of HP TippingPoint's security research team praised Google's security team for taking the initiative to approach them. While the competition has always been closely watched by browser makers, this is the first time in the competition that a vendor sponsorship has taken place. Google's move can only be an expression of its confidence in its superior security architecture and implementation; it would be interesting to see if Mozilla, Microsoft (NASDAQ: MSFT) and Apple (NASDAQ: AAPL) will come up with similar offers next year. 

New to the contest this year would be inclusion of mobile phone hacking. This segment will feature top smartphone platforms such as Dell Venue Pro running Windows 7, Apple iPhone4 on the iOS, BlackBerry Torch 9800 on BlackBerry 6 OS and a Nexus S running on Android. I think the enhanced prizes and lineup of products makes for a very interesting contest this year indeed.

For more on this story:
- check out this article at Computerworld
- check out this blog at TippingPoint 

Related Articles:
Pwn2Own 2010: The Mac isn't more secure 
Firefox, IE8, Safari and iPhone overcome on day one of Pwn2Own 
Microsoft defends Windows 7 security in wake of Pwn2Own