Google drops Pwn2Own sponsorship, posts $1 mln Chrome bounty

google_chrome-logo

Google has withdrawn its sponsorship of the Pwn2Own contest at this year’s CanWestSec security conference, opting instead to sponsor “Pwnium,” its own competition at CanWestSec for security exploits found in its own Chrome browser. Google is putting its money where its mouth is, offering up to $1 million for viable security exploits found in its Chrome browser. However, to collect the bounty, hackers and/or security researchers have to disclose the full end-to-end details of their flaws. That disclosure is why Google pulled its sponsorship of Pwn2Own: for the first time this year, Pwn2Own is not requiring participants reveal their full exploits.

“We decided to withdraw our sponsorship when we discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits (or even all of the bugs used!) to vendors,” wrote Chris Evans and Justin Schuh of the Google Chrome Security Team. “Full exploits have been handed over in previous years, but it’s an explicit non-requirement in this year’s contest, and that’s worrisome.”

The Pwn2Own rules don’t say much about diclosure of vulnerabilities, only that any exploits will be reviewed by judges to ensure multiple teams don’t use duplicate exploits. However, in a tweet last month the contest organizers indicated that if a zero-day exploit is not a winner, “the vuln is still theirs and will not be reported.”

However, Google still wants hackers and security researchers to look for (and report) flaws in its Chrome browser—and its offering up to $1 million for those exploits. Instead of participating in Pwn2Own, Google will run its own “Pwnium” contest, offering up to $60,000 for a “full Chrome exploit” that enables attackers to take over a Windows 7 account using only flaws in Chrome: Google will also offer $40,000 prizes for partial Chrome exploits and $20,000 for exploits that use other problems (like Flash or driver bugs). Winners will also receive a Chromebook. Google says it will pay multiple rewards per category up to $1 million on a first-come, first-served basis, but Google has to have first crack at the exploits, and contestants have to disclose full details of their attacks.

Google’s new prizes represent a significant increase: previously, Google had offered $20,000 for “full Chrome exploits” and $10,000 for partial Chrome exploits. Security researchers have noted that those earlier prizes were not enough to be worth researchers’ or hackers’ time. Someone who found a solid exploit in Chrome or another browser could make far more money by selling the attack to malware distributors and other cybercriminals, rather than reporting the problem to Google.

Perhaps as a result, Google’s Chrome has done well at Pwn2Own: in five years, no one has taken home prize money for exploiting Chrome.

The Pwn2Own contest is set up by HP TippingPoint, with the aim of gathering data it can use to beef up its intrusion detection systems. However, Google is more interested in discovering end-to-end flaws and improving the security of its browser. Overall, Google’s decision to stop sponsoring Pwn2Own and offer its own higher bounties for Chrome exploits seems to have been well-received.

Emerging Tech

How Super Mario, Magic: The Gathering, and PowerPoint are low-key supercomputers

What if the creators of Super Mario World, PowerPoint, and even Magic: The Gathering had accidentally created tools hiding a general-purpose computer in plain sight? Turns out they have.
Computing

Your amazing PC rig needs an amazing computer case. These are the very best

There's an incredible variety of PC cases on the market, but a few stand above the rest. Any of our five best computer cases will make your desktop look and work great, no matter what your budget is.
Computing

Yes, Google tracks and collects your online purchases through Gmail. But why?

Google has been tracking your purchase history and while the company says that the tracking is part of an effort to help you keep track of your purchases, there are indications that there might be other, less clear motives for doing so.
Computing

HP slashes $200 off Spectre x360 laptops in Memorial Day deal

HP's Spectre x360 laptops are among the best premium convertible notebooks on the market today, and now you can save $200 on these laptops thanks to HP's Memorial Day sale. The 15-inch model also supports discrete graphics.
Product Review

The first AMD-powered Chromebook will make you wish you had Intel inside

The HP Chromebook 14 is a budget Chrome OS laptop that cuts its price in part by choosing AMD over Intel and by using plastic instead of metal. The results are mixed.
Computing

Windows 10 notifications driving you crazy? Here's how to get them under control

Are the notifications on Windows 10 annoying you? Here's our guide on how to turn off notifications in Windows, and how to manage alerts so that the important stuff still gets through.
Product Review

Oculus Quest is the affordable VR rig we’ve been waiting for

Oculus announced that its Project Santa Cruz virtual reality headset will ship next year as the Oculus Quest, and we got to try out several new game titles on the Quest. Find out our impressions of VR without wires.
Deals

Walmart Memorial Day sale: 4K TVs, laptops, and Apple iPads get price cuts

The Walmart Memorial Day sale has begun. With some pretty nice savings on Apple iPads, Samsung and Vizio 4K TVs, laptops, and Google Home devices, now is a great time to snag some electronics for cheap.
Deals

Best Memorial Day sales 2019: Walmart, Dell, and Home Depot start early

If you're looking to save big on some shiny new stuff for Memorial Day 2019, we've gathered everything you need to know into one place. Find out where to save the most money before the summer hits its stride.
Home Theater

Plex is free and easy, and you'll wonder how you survived without it

If you want a Netflix-like experience for the media you already own, you need Plex. It's the free media center software that automatically catalogs and plays your movies, music, photos, and more, on your TV. Here's how to use it.
Computing

Amazon’s one-day sale takes up to 69 percent off wireless accessories

Looking for a mechanical keyboard or a better mouse to take your gaming experience to the next level? You can now save up to 69 percent on these accessories through Amazon's sale. These prices are only good for today, so act fast!
Computing

Apple’s updated MacBook Pro may be twice as fast, but can it handle the gains?

Apple refreshed its MacBook Pro lineup, delivering up two twice the performance improvements. The 15-inch model tops out with an eight-core ninth-generation Intel processor and discrete AMD graphics alongside a slightly tweaked keyboard.
Computing

Dell XPS 13 laptops get steep price cuts before Memorial Day weekend

Dell is having an early access version of its Memorial Day sale, featuring deep discounts on its XPS 13 laptops. Customers can snag three different versions of the XPS 13 with discounts of up to $460.
Deals

HP Memorial Day sale: Spectre x360 Laptops, Omen gaming PCs, and printers

Memorial Day is a time for relaxation and remembrance, but it's also a huge season for yearly sales. The HP Memorial Day sale has deep discounts on laptops, desktop, printers, and more, and we’ve rounded up the best deals right here.