Last year, after two full days of hacking, only one web browser emerged from Pwn2Own unscathed: Google Chrome. IE8, Safari 4, Firefox 3, and even Safari on iOS actually all fell after just one day, but no one could seem to penetrate Chrome. In fact, despite a $10,000 bounty to crack their “sandbox”, no one even tried, likely figuring it was futile. And so this year, Pwn2Own wasn’t even going to invite Chrome back. Then Google stepped in with wads of cash.
While the lineup for Pwn2Own 2011 was announced a few days ago, Google took the time today to give a bit more details about their role in the event. Of note, they write: “Chrome wasn’t originally going to be included as a target browser in the competition, but Google volunteered to sponsor Chrome’s participation by contributing monetary rewards for Chrome exploits.”
In other words: bring it, hackers.
Specifically, Google worked with the conference to come up with rules for hacking the code found in Chromium (the open source browser on which Chrome is based). On day one, if anyone is able get nail a working exploit of Chrome (again, cracking the sandbox), Google will pay them $20,000. On day two and three, the same $20,000 will be paid out for “bugs in the kernel, device drivers, system libraries, etc,” but Google and the conference will split the cost of that reward (since Google says it cares more about the first variety).
It says a lot that Chrome was the one browser not hacked last year. It says even more than this year they’re sponsoring their own participation and doubling the reward. But it’s standard business now for Google to dish out cash rewards for people who find issues with their browser. And it’s a really smart idea.
One thing Google does note is that Chrome OS, which is built with Chrome, is not a part of this competition. Because it’s still “beta” software, Google apparently doesn’t feel confident enough in it yet for it to stand up to the hackers.