Google has announced the fourth edition of its Pwnium competition for Chrome OS this March at the CanSecWest security conference in Vancouver. Up for grabs is a whopping $2.71828 Million!
Security researchers can now choose between an ARM-based Chromebook (the WiFi-only HP Chromebook 11) or the Acer C720 Chromebook (the WiFi-only 2GB version) that is based on the Intel Haswell microarchitecture. It must be recalled that last year, only Intel-based Chrome OS devices were allowed to be hacked at the competition. Further, the attack must be demonstrated against the devices running whatever the Chrome OS stable version is at the time.
Google further revealed that it will be giving out bonuses to all those who come up with impressive or surprising exploit that may involve exploiting memory corruption in 64-bit browser processes or defeating kASLR or exploiting kernel from renderer processes. The full exploit must be given to Google, with explanations for all individual bugs used, all of which must be unknown, and exploits should be served from a password-authenticated and HTTPS-supported Google App Engine URL. Notably, no exploits for Chrome OS were found last year.
Like us on facebook
Shivam Kotwalia, CodeKill
| Continuing with the trend starting in 2013, those who can hack Chrome OS will walk away with a six figure reward at Google's fourth Pwnium competition this March. The company will be offering up to a total of $2.71828 million in rewards for security researchers who manage to hack Chrome OS. The breakdown of Pwnium 4’s rewards is as follows: $110,000 (browser or system-level compromise in guest mode or as a logged-in user, delivered via a web page.) and $150,000 (compromise with device persistence: guest to guest with interim reboot, delivered via a web page.) |  |
Security researchers can now choose between an ARM-based Chromebook (the WiFi-only HP Chromebook 11) or the Acer C720 Chromebook (the WiFi-only 2GB version) that is based on the Intel Haswell microarchitecture. It must be recalled that last year, only Intel-based Chrome OS devices were allowed to be hacked at the competition. Further, the attack must be demonstrated against the devices running whatever the Chrome OS stable version is at the time.
Google further revealed that it will be giving out bonuses to all those who come up with impressive or surprising exploit that may involve exploiting memory corruption in 64-bit browser processes or defeating kASLR or exploiting kernel from renderer processes. The full exploit must be given to Google, with explanations for all individual bugs used, all of which must be unknown, and exploits should be served from a password-authenticated and HTTPS-supported Google App Engine URL. Notably, no exploits for Chrome OS were found last year.
Like us on facebook
Shivam Kotwalia, CodeKill
No comments:
Post a Comment