Chrome OS runs the table at Pwnium 3

Hackers at the CanSecWest event in Vancouver couldn't break Google's latest version of Chrome OS in the company's Pwnium 3 contest, leaving the $3.14159 million (yes, that's Pi, for those keeping track at home) in prize money untouched.

Pwnium is a hacking contest -- similar to the better-known Pwn2Own event, which is also held at the CanSecWest convention -- that challenges the best in the security business to attack Google's products in the hope of winning cash prizes.

[ MORE CHROME: Google confirms high-end Chromebook Pixel, surprising some ]

The company's Chrome team announced in a Google+ post that no successful exploits were found by the assembled hackers, despite the extension of the deadline to 5 p.m. PST yesterday, though the post also said that some partial exploits were being evaluated.

Google had been offering up to $150,000 per exploit, depending on specifics -- top prizes were earmarked for those who found device-persistent hacks (i.e., those that would remain in place even after a reboot), while $110,000 was offered for less thorough attacks.

While Chrome OS made it through Pwnium unscathed, the larger Pwn2Own contest saw the Chrome browser successfully exploited by researchers from MWR Labs, a U.K.-based security firm, who won $100,000 in the process.

Making the MWR Labs exploit even more impressive is the fact that Google released a major security update just days before the event kicked off, patching several fairly serious vulnerabilities.

Pwn2Own also saw IE10, Firefox, Adobe Reader, Flash and -- on four separate occasions -- Java exploited by the skilled hackers in attendance. The biggest winner was France's VUPEN Security, which successfully hacked IE10, Firefox, Java and Flash. The company's total winnings came to $250,000, according to Sophos Security.

Email Jon Gold at and follow him on Twitter at @NWWJonGold.

Read more about software in Network World's Software section.

Join the CSO newsletter!

Error: Please check your email address.

Tags LinuxtelecommunicationapplicationsAndroidmobileoperating systemsconsumer electronicsChrome OSGooglesecuritychromebooksmartphonesMobile OSessoftware

More about Adobe SystemsGoogleHPSophos

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jon Gold

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts