Google has announced the fourth edition of its Pwnium competition for Chrome OS this March at the CanSecWest security conference in Vancouver.
Continuing the trend starting 2013, those who can hack Chrome OS will walk away with a six figure reward. The breakdown of this year’s rewards is as follows:
$110,000 USD: browser or system-level compromise in guest mode or as a logged-in user, delivered via a web page.
$150,000 USD: compromise with device persistence: guest to guest with interim reboot, delivered via a web page.
Google further revealed that it will be giving out bonuses to all those who come up with impressive or surprising exploit that may involve exploiting memory corruption in 64-bit browser processes or defeating kASLR or exploiting kernel from renderer processes.
Researchers are free to use either an Intel based Chromebook or an ARM based Chrome OS device including HP Chromebook 11 (Wi-Fi) or Acer C720 Chromebook (WiFi) based on the Intel Haswell microarchitecture. Further, researchers will have to demonstrate their hacks against a device running the latest stable version of Chrome OS.
Another requirement is that researchers will be required to hand over full details of the exploit including details about individual bugs used during the hack (the bug(s) should be unknown). Google notes that the “exploits should be served from a password-authenticated and HTTPS-supported Google App Engine URL.”