January 29, 2013, 11:16 AM — Google on Monday announced it would again host its Pwnium hacking contest at a March security conference, but boosted the maximum amount it will pay to $3.14 million and changed the target to its browser-based operating system, Chrome OS.
Dubbed Pwnium 3, the challenge will pit researchers against its still-struggling-for-relevance Chrome OS, rewarding those who can hack the operating system with individual prizes of $110,000 and $150,000.
Google capped the total up for grabs at $3.14159 million, giving multiple researchers a chance at prize money. The "3.14159" comes from the first six digits of the value of .
Each hacker able to compromise Chrome OS or the browser that is its foundation -- Chrome -- from an exploit-serving website will receive $110,000 said Chris Evans, an engineer with the Chrome security team, in a Monday entry on the Chromium project's blog.
Researchers who manage to accomplish what Evans called a "compromise with device persistence," meaning that the hijack survives a reboot of the Chrome OS-powered notebook, will receive the larger award of $150,000.
"We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems," said Evans.
Pwnium 3 will take place March 7 at CanSecWest, the Vancouver, British Columbia, security conference where Google will also partner with HP TippingPoint's Zero Day Initiative (ZDI) bug bounty program to host Pwn2Own. That contest, with $560,000 in total cash prizes, will focus on Web browsers, including Chrome, Microsoft's Internet Explorer (IE) and Mozilla's Firefox, as well as plug-ins from Adobe and Oracle.
The contest cooperation at CanSecWest will be quite different this year than in 2012, when Pwn2Own and Pwnium were rivals. Google inaugurated Pwnium then after it withdrew its financial support from Pwn2Own after it and HP couldn't agree on the rules -- specifically, whether researchers would be required to divulge full exploits and hand over all the vulnerabilities they used to hack a browser.