Google ran their first Pwnium competition earlier this year with a good level of success. They received two submission of complexity and quality that both of them won Pwnie Awards at this years BlackHat.

Chrome Hacked As a result Google have announced they will host another Pwnium competition, aka Pwnium 2. It will be held at Hack In The Box in Kuala Lumpur, Malaysia on October 10th, 2012.

Pwnium 2 will have up to $2 Million of rewards at the following levels:

  • $60,000: “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.
  • $50,000: “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows kernel bug.
  • $40,000: “Non-Chrome exploit”: Flash / Windows / other. Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver.
  • $Panel decision: “Incomplete exploit”: An exploit that is not reliable, or an incomplete exploit chain. For example, code execution inside the sandbox but no sandbox escape; or a working sandbox escape in isolation.

Exploits should be demonstrated against the latest stable version of Chrome. Both Chrome and the underlying OS will be fully patched and running on a Acer laptop, which in turn will be a prize to the best entry. Additionally exploits must be served from a password protected and HTTPS Google property (e.g. Google App Engine), plus the vulnerabilities must be novel, i.e. not known by Google or fixed on trunk.