As part of the CanSecWest’s Pwn2Own competition Google is awarding a $20,000 prize to any hacker that can successfully exploit the Cr-48 Chrome laptop via a vulnerability and sandbox escape using the Chrome web browser.
At last year’s event Google’s Chrome browser was the only browser left intact, but with the added incentive of this year’s prize it might be a different story for Chrome.
According to the contest sponsors TippingPoint ZDI, a successful Chrome hack “must include a sandbox escape,” which means that a privilege escalation vulnerability may have to be combined with another security hole to cause full system compromise. Its a great way for Google to get thousands of hackers testing the robustness of their browser for a relatively small fee.
Other cash prizes are also available for hackers who can use unpublished (zero-day) browser flaws to remotely launch code against either 64-bit Windows 7 or Mac OS X machines using the major browsers latest release candidate.