On day one, contestants will have a chance to win Google's $20,000 prize along with the CR-48 running ChromeOS by hacking the company's Chrome browser. Participants will have to escape the browser's sandbox using vulnerabilities solely within Google-written code. If that proves too challenging, things will be tamed down on the following days. Event organizer ZDI will offer $10,000 for escaping the sandbox using non-Google code and Google will grant $10,000 for finding a bug in Chrome.
Competitors who successfully exploit Internet Explorer, Safari or Firefox will bag a $15,000 cash prize as well as a laptop. Hackers will also get an opportunity to have their way with various mobile phone platforms including iOS on an iPhone 4, Windows Phone 7 on a Dell Venue Pro, Blackberry 6 on a Blackberry Torch 9800, and Android on a Nexus S. Successfully compromising any of those targets will secure the participant $15,000 in cash, the device itself, and 20,000 ZDI reward points.
It's worth mentioning that Chrome went unscathed during Pwn2Own 2010, while Safari, Internet Explorer 8 and Firefox were all compromised in the first day. Participants received $10,000 for exploiting browsers last year, so it should be interesting to see if Google's sponsored $20,000 cash prize leads to the exploitation of Chrome this year. That's quite the sum when compared to the company's usual $3,133.70 reward for discovering critical vulnerabilities in Chrome -- a bounty that is rarely claimed.