A $1 million purse that Google has offered to hackers who can produce
zero-day exploits against its Chrome browser appears to be safe after
the first day of its three-day Pwnium hacking contest, which yielded
just one contestant and one successful zero-day attack.
The absence of competitors has made for a very quiet contest,
particularly since the sole competitor in the Google competition so far
didn’t even show up for the event. The successful attack code, which
actually exploited two vulnerabilities in Chrome, was developed by
Russian university student Sergey Glasanov, who lives somewhere outside
Siberia and sent in his code via a proxy who was present at the contest
event.
Glasanov earned $60,000 from Google for his exploit. The remaining $940,000 in the purse,
which Google has promised to pay out in increments of $60,000, $40,000
and $20,000 – depending on the severity and characteristics of the
exploits – is awaiting other challengers who so far have yet to join the
contest.
