Google has, once again, called security researchers to participate in its annual Pwnium contest scheduled to be held at the CanSecWest security conference in Vancouver in mid-March.
The fourth edition of the hacking contest will, as last year, focus on the company’s Chrome OS, and competitors will contend for sizeable prizes.
Contestants who manage to execute a browser or system-level compromise in guest mode or as a logged-in user, delivered via a web page, will win $110,000, and those who carry our a compromise with device persistence (“persistent Guest-to-Guest exploit” with interim reboot, delivered via a web page) will gain a cool $150,000.
The prize pool is $2.71828 million in total.
“New this year, we will also consider significant bonuses for demonstrating a particularly impressive or surprising exploit. Potential examples include defeating kASLR, exploiting memory corruption in the 64-bit browser process or exploiting the kernel directly from a renderer process,” explained Jorge Luc??ngeli Obes, Google security engineer and Pwnium Master of Ceremonies.
“Past Pwnium competitions have focused on Intel-based Chrome OS devices, but this year researchers can choose between an ARM-based Chromebook, the HP Chromebook 11 (WiFi), or the Acer C720 Chromebook (2GB WiFi) that is based on the Intel Haswell microarchitecture. The attack must be demonstrated against one of these devices running the then-current stable version of Chrome OS.”
As usual, to win a prize they will have to deliver a full exploit with thorough explanations about the exploited bugs. Any software included with the default installation may be used as part of the attack.
Researchers thinking of registering have until March 10th, 2014 to decide.
For more details, check out the official rules for the contest.