Vulnerability Research - Google Offers $20K Prize for Chrome Exploit in Pwn2Own Contest - eWeek Security Watch

Written By
Brian Prince
Feb 3, 2011

The annual Pwn2Own contest always claims a number of victims, from the Apple iPhone to Microsoft Internet Explorer. But Google, whose Chrome browser emerged untargeted and unscathed last year, is feeling confident.

How else to explain their decision to offer a $20,000 reward for the researcher who can exploit the Chrome browser?

“Kudos to the Google security team for taking the initiative to approach us on this; we’re always in favor of rewarding security researchers for the work they too often do for free,” blogged Aaron Portnoy, manager of the security research team at TippingPoint Technologies.

All told, HP TippingPoint, whose ZDI (Zero Day Initiative) team runs the contest, is offering $125,000 in rewards. As usual, the competition will focus on Web browsers and mobile devices. The bull’s eye is on Internet Explorer, Google Chrome, Apple Safari and Mozilla Firefox, with each browser installed on a 64-bit system running the latest version of either OS X or Windows 7.

Taking down IE, Safari or Firefox will net the researcher $15,000 in cash, a laptop and 20,000 ZDI reward points, which qualifies them for a variety of benefits. As for Chrome, the contest will have two parts. Day one will offer the $20,000 reward and a CR-48 notebook for the contestant who can exploit the browser and escape the sandbox using vulnerabilities present in Google-written code.

If the competitors are unsuccessful, on days two and three, the ZDI will offer $10,000 for a sandbox escape in non-Google code, and Google will put up $10,000 for the Chrome bug. Either way, plug-ins other than the built-in PDF support are out of scope, Portnoy explained.

“Last year the contest was a great success, with three of the four browsers successfully compromised as well as the Apple iPhone,” he wrote.

The contest will take place March 9-11 in Vancouver, B.C., during the CanSecWest conference. Preregistration will close on Feb. 15, though on-site registration will be allowed as well. To register ahead of time, send an e-mail to zdi@tippingpoint.com with the following information: name, intended target, and any requirements, such as static IP addresses and so forth.
