Added premium placed on Chromium flaws ahead of Microsoft’s Edge migration

Security researchers participating in this year’s Pwn2Own hackathon in Canada can now earn even bigger payouts for Chrome browser exploits, the event’s organizers have confirmed.

Trend Micro’s Zero Day Initiative (ZDI) announced on Monday that researchers who are able to break out of Chrome and take full control of a device will receive $80,000 – up on the $70,000 that was on offer last year.

The prize hike comes on the heels of Microsoft’s recent announcement that it will rebuild its Edge browser using the open source Chromium framework.

“We do put a premium on different web browsers,” Dustin Childs, communications manager for ZDI, told The Daily Swig this week.

“Google Chrome has a wider user base and a perceived higher level of security than Mozilla Firefox. That’s why a successful Chrome exploit earns $80,000, while Firefox is only $40,000.”

Pwn all the things

Due to take place in Vancouver, Canada, on March 20-22, Pwn2Own is a firm fixture on the security research calendar.

In addition to the Chrome payout boost, ZDI is offering $80,000 to any researcher who can successfully exploit Edge by escaping the Windows Defender Application Guard (WDAG) container to the host OS.

WDAG, launched in 2016, uses Microsoft’s Hyper-V virtualization technology to protect against targeted threats.

“We’ve never seen a full WDAG exploit at the contest before, so we’re hoping the extra incentive will encourage someone to try,” said Childs.

Microsoft is currently paying out a maximum of $30,000 for WDAG exploits under its own bug bounty program.

From browsers to brake pads

Among the other anticipated highlights of Pwn2Own 2019 is the addition of a new category that focuses on security vulnerabilities in connected cars.

“We’ll have a Tesla Model 3 on-site as a target for our automotive category, which has six different focal points for in-scope research,” ZDI said.

Prizes in this new category range from $35,000 to $300,000. And what’s more, the first successful researcher will be driving off in their own brand new Model 3 after the competition ends.

