Competitions like Pwn2Own are a staple of the security research scene and with Pwnium 3, Google today announced the latest edition of its own competition. What’s different this time around is the target. For the first time, the focus of the Pwnium competition is now Chrome OS, Google’s Linux-based, browser-centric operating system. In total, Google is making up to $3.14159 million in
Pi prize money available for this competition.
Both the focus on Chrome OS, as well as the increased rewards from previous competitions, which topped out at $60,000, clearly show Google’s interest in the Chrome OS platform. While it’s been hard to track the actual success of Chrome OS, Acer today said that its Chromebook now accounts for 5-10 percent of its U.S. shipments, so this is clearly a growing market for Google and its partners.
There will be two reward levels in this year’s competition:
- $110,000: browser or system level compromise in guest mode or as a logged-in user, delivered via a web page.
- $150,000: compromise with device persistence — guest to guest with interim reboot, delivered via a web page.
These higher rewards, says Google, “reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems.” To claim the prizes, the attacks must be demonstrated against Samsung’s Series 5 550 Chromebook running the latest stable version of Chrome OS.