Google drops Pwn2Own sponsorship, posts $1 mln Chrome bounty

Google has withdrawn its sponsorship of the Pwn2Own contest at this year’s CanSecWest security conference, opting instead to sponsor “Pwnium,” its own competition at CanSecWest for security exploits found in its Chrome browser. Google is putting its money where its mouth is, offering up to $1 million for viable security exploits in Chrome. However, to collect the bounty, hackers and/or security researchers have to disclose the full end-to-end details of their flaws. That disclosure requirement is why Google pulled its sponsorship of Pwn2Own: for the first time this year, Pwn2Own is not requiring participants to reveal their full exploits.

“We decided to withdraw our sponsorship when we discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits (or even all of the bugs used!) to vendors,” wrote Chris Evans and Justin Schuh of the Google Chrome Security Team. “Full exploits have been handed over in previous years, but it’s an explicit non-requirement in this year’s contest, and that’s worrisome.”

The Pwn2Own rules don’t say much about disclosure of vulnerabilities, only that any exploits will be reviewed by judges to ensure multiple teams don’t use duplicate exploits. However, in a tweet last month the contest organizers indicated that if a zero-day exploit is not a winner, “the vuln is still theirs and will not be reported.”

However, Google still wants hackers and security researchers to look for (and report) flaws in its Chrome browser—and it’s offering up to $1 million for those exploits. Instead of participating in Pwn2Own, Google will run its own “Pwnium” contest, offering up to $60,000 for a “full Chrome exploit” that enables attackers to take over a Windows 7 account using only flaws in Chrome. Google will also offer $40,000 prizes for partial Chrome exploits and $20,000 for exploits that use other problems (like Flash or driver bugs). Winners will also receive a Chromebook. Google says it will pay multiple rewards per category up to $1 million on a first-come, first-served basis, but Google has to have first crack at the exploits, and contestants have to disclose full details of their attacks.

Google’s new prizes represent a significant increase: previously, Google had offered $20,000 for “full Chrome exploits” and $10,000 for partial Chrome exploits. Security researchers have noted that those earlier prizes were not enough to be worth researchers’ or hackers’ time. Someone who found a solid exploit in Chrome or another browser could make far more money by selling the attack to malware distributors and other cybercriminals, rather than reporting the problem to Google.

Perhaps as a result, Google’s Chrome has done well at Pwn2Own: in five years, no one has taken home prize money for exploiting Chrome.

The Pwn2Own contest is set up by HP TippingPoint, with the aim of gathering data it can use to beef up its intrusion detection systems. However, Google is more interested in discovering end-to-end flaws and improving the security of its browser. Overall, Google’s decision to stop sponsoring Pwn2Own and offer its own higher bounties for Chrome exploits seems to have been well received.
