Google has set a twenty-thousand dollar bounty for the first successful hacking exploit of the company's Chrome browser in the Pwn2Own 2011 competition.
Other bounties offered in the annual challenge include $15K awards for successful hacks of the Safari, Internet Explorer and Firefox browsers - three times as much as has been offered in prior competitions.
The competition begins on March 9 at the CanSecWest security conference in Vancouver, British Columbia.
"We've upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000," said Aaron Portnoy of HP TippingPoint's security research team, sponsors of the Pwn2Own competition.
This is Google's first appearance in the hacker challenge, and the company is the first to offer up a cash award for the successful exploitation of their own product.
According to an article in CIO, the Google Chrome hack requires more prowess than attacks on other browsers because Chrome employs a "sandbox" security protocol.
"The rules for Chrome are slightly different than for the other browsers because it's the only one of the four that uses a "sandbox," an anti-exploit defense. A sandbox isolates system processes, preventing or at least seriously hindering malware from escaping an application -- in this case Chrome -- to wreak havoc on the computer. To exploit a sandboxed program like Chrome, researchers require not one but two vulnerabilities: The first to allow their attack code to escape the sandbox, and a second to exploit a Chrome bug," the CIO article stated.
If two exploits can not be found to compromise the Chrome browser, on the second and third days of the competition researchers may employ a non-Chrome bug - such as a Windows weakness - to complete the hack.
The prize for utilizing a non-Chrome flaw in the Google challenge reduces the prize offered by Google to $10k, but TippingPoint has offered to match that amount.
Source: http://www.cio.com/article/661625/Google_Bets_20K_That_Chrome_Can_t_Be_Hacked
