Pwn2Own organisers claim Google's $1m alternative hackathon set to flop

02 Mar 2012

Who wouldn't be tempted by a $1m cash pot for spotting flaws in Google's flagship Chrome browser? Well, the answer – according to some – is the very computer scientists with the necessary hacking skills to crack the browser that Google is hoping to attract.

This pointed barb was chucked Google's way after it admitted that it had withdrawn its offer of sponsorship for the infamous Pwn2Own browser hacking contest, which takes place at the CanSecWest conference on

Google it seems was unhappy that some entrants might be able to make off with the Pwn2Own booty, without having to divulge the secrets of the exploits that succeeded against its browser.

Instead, Google has set up its own Chrome-hacking competition, complete with $1m in cash prizes to hand out – with top prizes of $60,000 for full Chrome exploits.

But the organisers of the Pwn2Own contest have hit back at what they see as a misrepresentation of their contest.

In a blog post, the Zero Day Initiative team point out that the Pwn2Own competition has a long history of handing out rewards for the disclosure of so-called code execution vulnerabilities.

The organisers also demand that teams also demonstrate any so-called sandbox escapes they use in the competition – but they are not required to provide full disclosure of these types of exploit.

These second type of exploit are both rare – and potentially very lucrative for hackers, the organisers wrote:

“We strongly believe that those considering participating in Pwn2Own would not do so without a considerable reward [for sandbox escapes].”

They also had some harsh words about Google's alternative competition.

“It is fair to say that a sophisticated sandbox-escape exploit could certainly wreak more than $60,000 worth of damage in the enterprise space,” they wrote.

“That is why such an exploit against Chrome will never see the light of day at CanSecWest. Instead, the grand Google prize will go unclaimed and the great takeaway from Pwnium will be that Google Chrome is unhackable.”

Google's hubris could actually be a set back the browser security, they added.

One commentator tweeted:

About The Frontline

Insight into the latest tech news from's team of reporters

Ruby Dev-Ops Engineer.

A video hosting platform in over 75 different countries...

Infrastructure Systems Administrator

Infrastructure Systems Administrator This unique opportunity...

Business Analyst, Systems Analyst

Business Analyst, Web Analyst, Systems Analyst This...

2nd Line Technical Support Engineer

A 2 nd line technical engineer is required by an expanding...

Browse posts by date

Cal_navigation_previousMarch 2012Cal_navigation_next

Other sites we like at The Frontline