Internet giant Google has announced to give $ 2.7 million for finding security bugs in both its Chrome browser and Chrome OS at its Pwnium 4 competition.
Google will host the Pwnium 4 at CanSecWest security conference in Vancouver in March this year and offers $110,000 for each "browser or system-level compromise in guest mode or as a logged-in user, delivered via a web page." It will also offer $150,000 to anyone who can "compromise with device persistence: guest to guest with interim reboot, delivered via a web page."
Google adds that there will be bonuses for demonstrating “a particularly impressive or surprising exploit”. The company gave three examples: exploiting memory corruption in the 64-bit browser process, defeating kASLR, or exploiting the kernel directly from a renderer process.
Security researchers can choose between an the Acer C720 Chromebook (the WiFi-only 2GB version) or ARM-based Chromebook (the WiFi-only HP Chromebook 11) to demonstrate the hacks. Last year, only Intel-based Chrome OS devices were allowed in the event.
Google, who loves to play with geeky numbers has aptly named the conference Pwnium. "Pwn" is popular geek term which means 'breaking into a computer and owning it' and Pwnium is a play on the full name of Google Chrome: Chromium. The prize money $2.71828 million is "the mathematical constant e" which is an important concept to understand when writing algorithms.
Recently a new bug was discovered in Chrome that allows hackers to listen in to offline conversations. The bug allows malicious sites to activate your microphone and listen and record conversations around your laptop even if the tabs are closed. The bug was reported by developer Tal Ater and was nominated for Chromium’s Reward Panel. However, even after 4 months the solution to the bug has still not reached the desktop users.