Final Chrome Fixes Made Before Weekend Hack Attack
Google announced Monday (March 4) that 10 bugs found in the newest version of its Chrome Web browser had been fixed in time for the Pwn2Own hacking contest being held this weekend at the CanSecWest security conference in Vancouver, British Columbia.
This year's contest offers up to $485,000 in potential prize money over three days for hackers who can break into today's most widely used Web browsers.
It's not just Chrome that's preparing itself for the impending attack. Microsoft issued two updates last month to fix 14 security bugs in Internet Explorer versions 9 and 10. Mozilla fixed eight bugs in Firefox last month.
These Web giants are smart to get to work in advance of the Pwn2Own contest, because they have to pay up if their systems are cracked. The first hacker to break Chrome on Windows 7 or Internet Explorer 10 on Windows 8 gets $100,000, according to the posted Pwn2Own rules.
Smaller prizes of $70,000 and under will be awarded to those who crack Adobe Flash Player, Adobe Reader, Apple Safari, Firefox or Java.
Living up to its name, the Pwn2Own contest also allows successful browser hackers to keep the laptops on which they perform the exploits.
Four of the 10 Chrome bugs patched by Google were reported by independent researchers as part of Chrome's bug-bounty program. ComputerWorld said Google has already paid out $15,500 in bounties this year.
In addition to co-hosting the seventh annual Pwn2Own contest with Hewlett-Packard, Google will also host its rival hacking competition, Pwnium, during CanSecWest.
Successful Pwnium hackers could take home a total of $3.14159 million — that's right, pi million dollars — in prize money for cracking Google's Chrome operating system on a Samsung Series 5 550 Chromebook.
Among the Pwnium prizes are $110,00 to be had for what Google calls a "browser or system-level compromise in guest mode or as a logged-in user, delivered via a Web page," and $150,00 for a "compromise with device persistence — guest-to-guest with interim reboot, delivered via a Web page."