Google has announced details of its fourth annual Pwnium competition, offering up a total of $2.71828 million in rewards for researchers who are able to crack the security of Chrome OS. As the math geeks might have already realized, that 2.71828m limit is in honor of the mathematical constant e.
The top prize is $150,00 for a “compromise with device persistence” delivered remotely; you can also pick up $110,000 for a “browser or system-level compromise” applied as a logged-in or guest user. Prospective hackers can choose between the Wi-Fi-only HP Chromebook 11 or the Acer C720 Chromebook for their attempted break-ins.
You can earn yourself a bonus for exploits that are “particularly impressive or surprising” — examples include exploiting the kernel directly from a renderer process, exploiting memory corruption in the 64-bit browser process or defeating KASLR (the Kernel Address Space Layout Randomization feature designed to make it harder for security threats to take hold).
“Security is a core tenet of Chromium [the foundation of Chrome and Chrome OS], which is why we hold regular competitions to learn from security researchers,” writes Google’s Jorge Lucángeli Obes. “Contests like Pwnium help us make Chromium even more secure. This year Pwnium 4 will once again set sights on Chrome OS, and will be hosted in March at the CanSecWest security conference in Vancouver.”
Last year no one was able to break through Chrome OS’s defenses, though some partial rewards were issued. Fancy your chances this time around? Head over to the official rules page for a detailed breakdown. You’ll need to register in advance and get your name down before Monday, March 10 to be involved.
