Google has launched its third Pwnium competition this time focusing on Chrome OS. For Pwnium 3 Google is prepared to give away up to $3.14159 million USD (yes, that is the number PI rounded up to 5 decimal places) in prizes to any security researcher who can demonstrate a browser or system level compromise.
In previous years Google’s Pwnium competition focused on its Chrome web browser but this year the search giant says that since Pwn2own is covering Chrome, it wants hackers at Pwnium 3 to attack Chrome OS. Google are giving away up to $150,000 per exploit but to get the money the compromise must be demonstrated on a base (WiFi) model of the Samsung Series 5 550 Chromebook, running the latest stable version of Chrome OS. Also you need to give Google details of the exploit!
Underwriting rewards of $3.14159 million might sound like a big amount, but during previous competitions Google only had to payout a fraction of the total rewards available. It is likely that security researchers will only find one or two exploitable vulnerabilities, so Google will likely payout around $300,000 by the end of the competition. However that is still a big sum of money.
So why is Google running these competitions and handing out such large sums of cash. In the same way that the technology used in Formula 1 racing trickles down to the consumer market, so it is with these competitions. Once the exploit has been shown Google, will update Chrome OS and Chrome to fix the errors. It will also start to look for similar and related errors in the code.
With millions of people using the Internet and a good portion of those using Chrome, Chrome OS or Android, Google has positioned itself as a company which takes security seriously and is building trust among consumers and corporates to demonstrate that our data and Internet transactions are safe in its hands. The level to which that assertion is true is however a completely different conversation!
Pwnium 3 will be part of the CanSecWest 2013 conference, where the annual Pwn2Own competition will also be run that targets web browsers including Google Chrome.