Chrome OS runs the table at Pwnium 3
- 08 March, 2013 23:13
Hackers at the CanSecWest event in Vancouver couldn't break Google's latest version of Chrome OS in the company's Pwnium 3 contest, leaving the $3.14159 million (yes, that's Pi, for those keeping track at home) in prize money untouched.
Pwnium is a hacking contest -- similar to the better-known Pwn2Own event, which is also held at the CanSecWest convention -- that challenges the best in the security business to attack Google's products in the hope of winning cash prizes.
[ MORE CHROME: Google confirms high-end Chromebook Pixel, surprising some ]
The company's Chrome team announced in a Google+ post that no successful exploits were found by the assembled hackers, despite the extension of the deadline to 5 p.m. PST yesterday, though the post also said that some partial exploits were being evaluated.
Google had been offering up to $150,000 per exploit, depending on specifics -- top prizes were earmarked for those who found device-persistent hacks (i.e., those that would remain in place even after a reboot), while $110,000 was offered for less thorough attacks.
While Chrome OS made it through Pwnium unscathed, the larger Pwn2Own contest saw the Chrome browser successfully exploited by researchers from MWR Labs, a U.K.-based security firm, who won $100,000 in the process.
Making the MWR Labs exploit even more impressive is the fact that Google released a major security update just days before the event kicked off, patching several fairly serious vulnerabilities.
Pwn2Own also saw IE10, Firefox, Adobe Reader, Flash and -- on four separate occasions -- Java exploited by the skilled hackers in attendance. The biggest winner was France's VUPEN Security, which successfully hacked IE10, Firefox, Java and Flash. The company's total winnings came to $250,000, according to Sophos Security.
Email Jon Gold at firstname.lastname@example.org and follow him on Twitter at @NWWJonGold.
Read more about software in Network World's Software section.