Google allocates millions of dollars to new Chrome hacking contest
Google has an incredible talent for Pi: it is trying to make fun of Apple and Microsoft in vain attempts to outbid patents, now the prize fund of $ 3.14159 million USD has been assigned to the Pwnium 3 contest, where Google offers craftsmen to work on the Chromium OS project as Google Chrome OS . How to work? Yes, as usual - to crack the test subject through a web page. The task is not easy, but the reward is rather big, and you can become well-known.
So, the conditions distinguish two variants of hacking:
What should a vulnerability work for? Here, the guys from Google are cunning and shoving not the canonical Chromebook of the type Cr-48 on the Atom or the Celeron, but a fresh Chromebook on the ARM chip from Samsung. Why is it important? And because for hacking you can use everything that is installed on the armbook, including kernel vulnerabilities, drivers, and even the long-suffering Flash. And in the case of ARM, this imposes a certain specificity. Although, given that this is a new class of devices, they might have missed something, remembering the bug in Exynos . If there is no such device for testing in the exercises, then Google suggests not to lose heart, but to work on their own image of the system from the Chromium project. The whole thing will take place in the framework of CanSecWest in Vancouver, which will begin on March 6 of this year.
In general, Google’s initiative to offer to hack Chrome OS, which is used by tenths of a percent of Internet users, deserves respect - the company decided not to follow the Android path, in which the full implementation of ASLR was done only by version 4.1, and from the very beginning to work closely on security, before the system gets any popularity. The head of Acer was already surprised that people are paying some attention to their laptops under Chrome OS, providing 10% of Acer's sales in the US without marketing efforts from Taiwanese. So, perhaps, Chrome OS will compete for the title of the most popular Linux-distribution, and there, what the hell is not joking, and on Mac OS will it blow?
Those who are not interested in the operating system can get a big hit by finding vulnerabilities in the framework of Pwn2Own 2013 , which Hewlett-Packard and Google fell on. However, it is not necessary to bypass the layering of Google Chrome sandboxes or Internet Explorer 10 in Windows 8, you can break Fireneris’s simpler architecture, or make fun of the long-suffering Java runtime from Oracle. You can get your 20 thousand dollars with success. For details, go here .
So, the conditions distinguish two variants of hacking:
- The simpler one implies the compromise of the Chrome browser or the Chrome OS system itself within the guest mode or the logged in user. The reward for such an action sets a new bar for rewards, equating it with prices on the black market: $ 110,000
- The more complicated one implies the complete demolition of the protection system with preservation of malicious code execution even after a restart in guest mode. For this, on top will add another 40 thousand evergreens, that is, as much as $ 150,000
What should a vulnerability work for? Here, the guys from Google are cunning and shoving not the canonical Chromebook of the type Cr-48 on the Atom or the Celeron, but a fresh Chromebook on the ARM chip from Samsung. Why is it important? And because for hacking you can use everything that is installed on the armbook, including kernel vulnerabilities, drivers, and even the long-suffering Flash. And in the case of ARM, this imposes a certain specificity. Although, given that this is a new class of devices, they might have missed something, remembering the bug in Exynos . If there is no such device for testing in the exercises, then Google suggests not to lose heart, but to work on their own image of the system from the Chromium project. The whole thing will take place in the framework of CanSecWest in Vancouver, which will begin on March 6 of this year.
In general, Google’s initiative to offer to hack Chrome OS, which is used by tenths of a percent of Internet users, deserves respect - the company decided not to follow the Android path, in which the full implementation of ASLR was done only by version 4.1, and from the very beginning to work closely on security, before the system gets any popularity. The head of Acer was already surprised that people are paying some attention to their laptops under Chrome OS, providing 10% of Acer's sales in the US without marketing efforts from Taiwanese. So, perhaps, Chrome OS will compete for the title of the most popular Linux-distribution, and there, what the hell is not joking, and on Mac OS will it blow?
Those who are not interested in the operating system can get a big hit by finding vulnerabilities in the framework of Pwn2Own 2013 , which Hewlett-Packard and Google fell on. However, it is not necessary to bypass the layering of Google Chrome sandboxes or Internet Explorer 10 in Windows 8, you can break Fireneris’s simpler architecture, or make fun of the long-suffering Java runtime from Oracle. You can get your 20 thousand dollars with success. For details, go here .
')
Source: https://habr.com/ru/post/167453/
All Articles