Story image

Can you hack Google Chrome for US$2.7m?

27 Jan 14

Google has offered a US$2.7m bounty to anyone capable of hacking its Chrome OS, in the search giant's fourth annual Pwnium competition.

"Security is a core tenet of Chromium, which is why we hold regular competitions to learn from security researchers," says Jorge Lucángeli Obes, Security Engineer and Master of Ceremonies, Google.

"Contests like Pwnium help us make Chromium even more secure. This year Pwnium 4 will once again set sights on Chrome OS, and will be hosted in March at the CanSecWest security conference in Vancouver.

With a total of $2.71828 million USD in the pot (mathematical constant e for the geeks at heart), Google will issue Pwnium rewards for eligible Chrome OS exploits at the following levels:

* $110,000 USD: browser or system-level compromise in guest mode or as a logged-in user, delivered via a web page.

* $150,000 USD: compromise with device persistence: guest to guest with interim reboot, delivered via a web page.

New this year, the search giant will also consider significant bonuses for demonstrating a particularly impressive or surprising exploit. Potential examples include defeating kASLR, exploiting memory corruption in the 64-bit browser process or exploiting the kernel directly from a renderer process.

Past Pwnium competitions have focused on Intel-based Chrome OS devices, but this year researchers can choose between an ARM-based Chromebook, the HP Chromebook 11 (WiFi), or the Acer C720 Chromebook (2GB WiFi) that is based on the Intel Haswell microarchitecture. The attack must be demonstrated against one of these devices running the then-current stable version of Chrome OS.

Any software included with the default installation may be used as part of the attack. For those without access to a physical device, the Chromium OS developer’s guide offers assistance on getting up and running inside a virtual machine, but note that a virtual environment might differ from the physical devices where the attack must be demonstrated.

To make sure everyone has enough time to demonstrate their exploit, Google will require participants to register in advance for a timeslot. To register, e-mail pwnium4@chromium.org.

Registration will close at 5:00 p.m. PST Monday, March 10th, 2014. Only exploits demonstrated on time in this specifically-arranged window will be eligible for a reward.

New app conducts background checks on potential tenants
Landlords and house owners need to obtain a tenant’s full name, date of birth, email address, and mobile number in order to conduct the search. And most importantly, they have to get the tenant’s permission first.
GirlBoss wins 2018 YES Emerging Alumni of the Year Award
The people have spoken – GirlBoss CEO and founder Alexia Hilbertidou has been crowned this year’s Young Enterprise Scheme (YES) Emerging Alumni of the Year.
IDC: Standalone VR headset shipments grow 428.6% in 3Q18
The VR headset market returned to growth in 3Q18 after four consecutive quarters of decline and now makes up 97% of the combined market.
Meet Rentbot, the chatbot that can help with tenancy law
If you find yourself in a tricky situation  - or if you just want to understand your rights as a landlord or tenant, you can now turn to a chatbot for help.
PlayerUnknown’s Battlegrounds (PUBG) finally releases on PS4
PUBG on PS4 feels like it’s still in Early Access as the graphics look horribly outdated and the game runs poorly too. 
How AI can fundamentally change the business landscape
“This is an extremely interesting if not pivotal time to discuss how AI is being deployed and leveraged, both in business and at home.”
CERT NZ highlights rise of unauthorised access incidents
“In one case, the attacker gained access and tracked the business’s emails for at least six months. They gathered extensive knowledge of the business’s billing cycles."
Report finds GCSB in compliance with NZ rights
The Inspector-General has given the GCSB its compliance tick of approval for the fourth year in a row.