Google's reward is at following two levels, up to a total of $3.14159 million USD:
- $110,000: browser or system level compromise in guest mode or as a logged-in user, delivered via a web page.
- $150,000: compromise with device persistence -- guest to guest with interim reboot, delivered via a web page.
The requirement is, the attack must be demonstrated against a base (WiFi) model of the Samsung Series 5 550 Chrome Book, running the latest stable version of Chrome OS. Any installed software (including the kernel and drivers, etc.) may be used to attempt the attack.
For those without access to a physical device, note that the Chromium OS developer’s guide offers assistance on getting up and running inside a virtual machine.
This is the 3rd year Google running the competition, so the award is called Pwnium 3.