Thursday, January 27, 2022

Google offers $2 million in prizes to hackers who exploit Chrome

On Wednesday, the company announced plans for Pwnium 2, a Competition that will pay $60,000 for hacks that fully exploit its Chromium browsers.

The competition, scheduled for October 10 at the Hack In The Box security conference in Malaysia, will honor smaller amounts for Chrome aggresses that rely on computer code not native to the browser. E.g., a “partial Chrome exploit,” specified as one that merges a bug in Chrome’s native code base with a bug in Windows, will be awarded $50,000. A “non-Chrome exploit” in Adobe Flash, Windows or other app will bring in $40,000.

“You may have noticed that we’ve compressed the reward levels closer together for Pwnium 2,” Google software engineer Chris Evans wrote in Wednesday’s blog post. “This is in response to feedback, and reflects that any local account compromise is very serious. We’re happy to make the web safer by any means—even rewarding vulnerabilities outside of our immediate control.”

Google will honor prizes until the $2 million threshold is gained. The company paid just $120,000 worth of accolades during the first Pwnium competition in March.

Although the quantity was only 12 percent of the $1 million it pledged, the contest ensued in two exploits that were remarkable because they relied altogether on code native to Chrome to break away from its highly regarded security sandbox.

The mechanics contain JavaScript, HTML and other web content within a tightly limited perimeter to prevent it from hijacking sensitive OS functions such as modifying registry settings or accessing user information.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.

Check Also

Amazon hacked – hacker leaks 80,000 login credentials

A hacker going by the name 0x2Taylor has said to have breached the servers of …