After Failing To Get Hacked Last Year, Google Paying For Chrome To Be In Pwn2Own 2011
While the lineup for Pwn2Own 2011 was announced a few days ago, Google took the time today to give a bit more details about their role in the event. Of note, they write: “Chrome wasn’t originally going to be included as a target browser in the competition, but Google volunteered to sponsor Chrome’s participation by contributing monetary rewards for Chrome exploits.”
In other words: bring it, hackers.
Specifically, Google worked with the conference to come up with rules for hacking the code found in Chromium (the open source browser on which Chrome is based). On day one, if anyone is able get nail a working exploit of Chrome (again, cracking the sandbox), Google will pay them $20,000. On day two and three, the same $20,000 will be paid out for “bugs in the kernel, device drivers, system libraries, etc,” but Google and the conference will split the cost of that reward (since Google says it cares more about the first variety).
It says a lot that Chrome was the one browser not hacked last year. It says even more than this year they’re sponsoring their own participation and doubling the reward. But it’s standard business now for Google to dish out cash rewards for people who find issues with their browser. And it’s a really smart idea.
One thing Google does note is that Chrome OS, which is built with Chrome, is not a part of this competition. Because it’s still “beta” software, Google apparently doesn’t feel confident enough in it yet for it to stand up to the hackers.