Google Announces Pwnium 2 Hack Competition With $2m Prizes

Pwnium will return in October, with plenty of money on offer

Google has announced another Pwnium competition, where hackers are tasked with exposing serious flaws in the Chrome browser and rewarded with thousands of dollars.

Earlier this year, the first Pwnium competition was held at the BlackHat USA security conference in Las Vegas, with two of the winners even receiving Pwnie Awards, which celebrate the finest work of security researchers every year.

Pwnium 2, as Google is calling it, will take place on 10 October at the Hack In The Box 10-year anniversary conference in Kuala Lumpur, Malaysia. A total of $2 million (£1.28m) in prize money will be up for grabs, with the top prize being $60,000 for a “full Chrome exploit”. The winner of that prize will have to take control of either a Chrome OS or Windows 7 machine using only bugs in Chrome itself.

Big money

A $50,000 prize will go to the researcher who can carry out a “partial Chrome exploit” taking over a user account by using at least one bug in Chrome itself, plus other flaws. “For example, a WebKit bug combined with a Windows kernel bug,” Google explained.

Exploits have to be against the latest version of Google. Chrome and the underlying operating system and driver will be fully patched and running on an Acer Aspire V5-571-6869 laptop (which we’ll be giving away to the best entry),” Google said in a blog post.

“Exploits should be served from a password-authenticated and HTTPS Google property, such as App Engine. The bugs used must be novel i.e. not known to us or fixed on trunk. Please document the exploit.”

Earlier this year, Google announced it was upping the amount it would pay bug bounty hunters for a single find to $20,000. That represented a significant increase over the previous maximum payout of $3,133 that Google announced last summer.

Are you a security guru? Try our quiz!