Google Announced Pwnium2 to Increase the Level of Bonuses for Chromium Vulnerability Rewards
The world's most popular search giant, Google has announced Pwnium2 and has increased the level of bonuses it pays through its Chromium Vulnerability Rewards Program.
Google has decided to add a bonus of $1,000 or more on top of the amounts already on offer to those who report exploitable bugs on it's Chromium web browser.
The Chromium Vulnerability Rewards Program is an ongoing program by Google. It sums up to $10,000 rewards for the past few years. With the program, Chrome is currently the safest browser, thanks to the effort of security researchers.
Google has already retroactively awarded a bonus of $3,000 to demonstrate how the updated scheme will work.
With the announcement of Pwmnium2, the company we'll be sponsoring up to $2 Million worth of rewards and the reward levels are closer together than the previous one, to reflect that any local account compromise is very serious.
The new contest will take place in conjunction with the Hack in the Box 10 year anniversary conference in Kuala Lumpur, Malaysia. It will be held in October 10, 2012.
Here are three set levels with multiple awards on offer:
$60,000: "Full Chrome exploit": Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.
$50,000: "Partial Chrome exploit": Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows kernel bug.
$40,000: "Non-Chrome exploit": Flash / Windows / other. Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver.
For more details just visit the official Chromium Blog Site.