CanSecWest, the world’s leading conference in applied digital security, will be hosting the Pwn2Own contest pitting security researchers and exploit writers against popular web browsers and mobile devices. As part of that, Google is offering a $20,000 cash prize to any hacker who can successfully compromise a Windows 7 machine via Google’s Chrome web browser.
During last year’s contest, Google Chrome was the only browser undefeated but with this additional cash prize and added publicity it is likely that more hackers will seriously take this to task. Details of the Google Chrome contest are as follows:
On day 1, Google will offer $20,000 USD and the CR-48 if a contestant can pop the browser and escape the sandbox using vulnerabilities purely present in Google-written code. If competitors are unsuccessful, on day 2 and 3 the ZDI will offer $10,000 USD for a sandbox escape in non-Google code and Google will offer $10,000 USD for the Chrome bug. Either way, plugins other than the built-in PDF support are out of scope.
Other web browser targets for this year include the latest release candidates of Microsoft Internet Explorer, Apple Safari, and Mozilla Firefox. Each browser will be installed on a 64-bit system running the latest version of OSX or Windows 7.