Now on Demand: CISO Forum Virtual Summit - All Sessions Available to Watch Instantly
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Google Dangles More Than $3 Million For Security Researchers To Crack Chrome OS

Google on Monday said they are offering up serious money the security research community to help them find and fix vulnerabilities in Chrome OS.

Google on Monday said they are offering up serious money the security research community to help them find and fix vulnerabilities in Chrome OS.

Researchers at this year’s Pwn2Own contest at the CanSecWest conference in Vancouver will already be working to find vulnerabilities in web browsers and browser plug-ins, and now Google has followed up saying that it would offer up big bucks to those who can compromise its Chrome OS.

The competition, dubbed “Pwnium 3”, will have a focus on Chrome OS and Google is offering up to a total of up to $3.14159 million in rewards for vulnerabilities discovered in the operating system.

Hoping that the larger rewards will incentivize hackers to step up to the challenge in cracking the security defenses of Chrome OS, Google said it would reward researchers at the following levels:

• $110,000: browser or system level compromise in guest mode or as a logged-in user, delivered via a web page.

• $150,000: compromise with device persistence — guest to guest with interim reboot, delivered via a web page.

“The new rules are designed to enable a contest that significantly improves Internet security for everyone. At the same time, the best researchers in the industry get to showcase their skills and take home some generous rewards,” Chris Evans of the Google Chrome Security Team noted in a blog post. 

To qualify for a payout, the researcher must be able to demonstrate the attack against a base (WiFi) model of the Samsung Series 5 550 Chromebook, running the latest stable version of Chrome OS.

Advertisement. Scroll to continue reading.

“Any installed software (including the kernel and drivers, etc.) may be used to attempt the attack,” Evans noted. “For those without access to a physical device, note that the Chromium OS developer’s guide offers assistance on getting up and running inside a virtual machine.”

As is the case with the overall rules for Pwnium, the deliverable is the full exploit plus accompanying explanation and breakdown of individual bugs used. “Exploits should be served from a password-authenticated and HTTPS-supported Google property, such as Google App Engine. The bugs used must not be known to us or fixed on trunk. We reserve the right to issue partial rewards for partial, incomplete or unreliable exploits,” Evans explained.

Both Pwn2Own and Pwnium 3 will take place at the CanSecWest conference on March 6-8.

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Secure enterprise browser provider Menlo Security has appointed Bill Robbins as President.

Erik Rolf has joined Booz Allen Hamilton as the Business Information Security Officer (BISO) of Commercial Sector.

Gant Redmon has joined Trustle as its new Chief Executive Officer and Board Director.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.