x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • Chrome OS emerges from Pwnium 3 unscathed, Chrome, IE and Firefox fall at Pwn2Own

Chrome OS emerges from Pwnium 3 unscathed, Chrome, IE and Firefox fall at Pwn2Own

Posted: , by Maxwell R.

Tags:

Chrome OS emerges from Pwnium 3 unscathed, Chrome, IE and Firefox fall at Pwn2Own
Google has a well earned reputation for paying big bucks to those that can demonstrate vulnerabilities in its products. At the Pwnium 2 event last year, a hacker known as “Pinky Pie” earned $60,000 for exploiting two core vulnerabilities in the Chrome Browser.

After cutting a check, Google sent the information on to its own code jockeys and a patch was deployed across all platforms in less than 10 hours.

At Pwnium 3, Google had a pool of $3.14159 million (see what they did there?) up for grabs for hackers to expose whatever security holes they could find. One of the targets was a Samsung Series 5 550 Chromebook. Entrants could not exploit any vulnerabilities in Chrome OS.

Certainly that is a testament to Google’s work, although that does not mean there is nothing left to find. Still that is a pretty impressive outcome. Google’s Chrome browser (along with the other browsers) did not fare so well however.

At the Pwn2Own event, put on by HP TippingPoint’s Zero Day Initiative, the Chrome browser fell hard. A hacker known as Nils who was working with a group called MWR Labs did a full Chrome exploit and picked up a $100,000 reward for his efforts. The exploits were found after bypassing a series of memory protection mechanisms.

Microsoft’s Internet Exporer and Firefox were also hacked. VUPEN, a security firm, also used a memory related vulnerability and earned $60,000 for its trouble with Firefox. The group then picked up an additional $100,000 for taking down Internet Explorer. VUPEN also demonstrated a Java overflow exploit and took home an extra $20,000.

The money is more than a reward, it is also a purchase. HP and Google basically agree to buy these vulnerabilities so they can create needed patches and improve the products. Apple’s Safari browser was up for grabs too. HP had $75,000 waiting but no one pre-registered for the event to take it on.

sources: Engadget, eSecurity Planet, and ZDNet

23 Comments
  • Options
    Close




posted on 10 Mar 2013, 01:20 13

1. shuaibhere (Posts: 1297; Member since: 07 Jul 2012)


Chrome OS with linux kernel is more secure...
this proves how secure linux kernel is...

posted on 11 Mar 2013, 00:17

21. gallison1983 (Posts: 41; Member since: 19 Dec 2012)


And that's when you get hacked. Just because it hasn't happened doesn't mean it couldn't

posted on 10 Mar 2013, 03:20 10

2. faisolbauuz (Posts: 121; Member since: 05 Jan 2013)


Forever alone HP offered 75000$ for a prize no one wants to participates

posted on 10 Mar 2013, 05:48 4

3. SuperNexus (Posts: 112; Member since: 18 Jan 2013)


No wonder Googe products are wonderful.

posted on 10 Mar 2013, 05:48 3

4. Droid_X_Doug (Posts: 5573; Member since: 22 Dec 2010)


Props to Google and Chrome OS. $3.14 million and no successful hack.

posted on 10 Mar 2013, 06:46 7

5. networkdood (Posts: 6260; Member since: 31 Mar 2010)


If I were a hacker, I would not bother with Safari, either.

posted on 10 Mar 2013, 07:38 1

7. protozeloz (Posts: 5371; Member since: 16 Sep 2010)


They didn't.... Its full of wholes anyways

posted on 10 Mar 2013, 06:53

6. xperiaDROID (Posts: 5149; Member since: 08 Mar 2013)


I love Chrome (Google)!!!!

posted on 10 Mar 2013, 08:46 2

8. aditya.k (Posts: 459; Member since: 10 Mar 2013)


Lol. No one cares about safari. xD

posted on 10 Mar 2013, 10:58 1

10. haseebzahid (Posts: 1812; Member since: 22 Feb 2012)


whats that O_o

posted on 10 Mar 2013, 10:58 1

9. haseebzahid (Posts: 1812; Member since: 22 Feb 2012)


i dont understand chrome breswer is si famous and good but when i install it only thing it does in crash :( so i have to stick with firefox why

posted on 10 Mar 2013, 11:52

14. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


One things for certain....if everybody else or the majority had the same experience as you....it wouldnt be so famous or considered good.

Chome has some issues with add ons, extensions. Opera does too. Its either find alternatives, or hope Google and/or the companies fix it. AI Roboform add on didnt work too good with Chrome, and I like some things about the Google Toolbar. Both of those things had issues in Chrome. (Google Toolbar is understandable; and its officially not available for FF anymore....I needed to do some hackery to get it working again)

Thats why I go with Firefox. For speed....Chrome is good. Opera too.

posted on 10 Mar 2013, 16:04

16. haseebzahid (Posts: 1812; Member since: 22 Feb 2012)


so you are saying it does crash well i hoped it could run f9 but tried 3 times and now it is lying at the corner of my taskbar

posted on 10 Mar 2013, 22:23

19. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


Its not like it crashes every 10 minutes for me...lol. But it just doesnt play well with some stuff I uses regularly. Opera is worse with the stuff I use.

I'm probably better off finding an alternative to the things I use. Like for AI Roboform....Last Pass works better with Opera and Chrome. And its cheaper.

posted on 10 Mar 2013, 11:11 2

11. papss (unregistered)


I'm a foxfire guy myself.. Chrome looks awkward at best to me.

posted on 10 Mar 2013, 11:42

12. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


I kinda dont like how Chrome looks too.

I like FF for functionality, but I like Chrome and Opera for speed. I use IE as a last resort for compatibility issues. Like last week I couldnt login to Pepco website on FF to pay my bill. I had no problem of IE.

Its funny that the latest IE took design cues from Chrome.

posted on 10 Mar 2013, 12:31 1

15. papss (unregistered)


Agreed.. Only time I use IE is on my l920 and that is because I have too. I love my foxfire, my only real knock against chrome is with placement of everything. It is pretty fast though

posted on 10 Mar 2013, 16:06 1

17. haseebzahid (Posts: 1812; Member since: 22 Feb 2012)


i heard the best use of previous IE1...8 was to download a better broswer :D dont know if 9 or 10 is doing better

posted on 10 Mar 2013, 17:46 1

18. papss (unregistered)


It's not terrible and works pretty well in mobile form but still prefer ff

posted on 10 Mar 2013, 22:26

20. jroc74 (Posts: 4720; Member since: 30 Dec 2010)


For me, IE7 was the best IMO. After 7....IE changed the way it handled bookmark folders. That drove me to Firefox and other borwsers, havent looked back since.

posted on 10 Mar 2013, 11:46

13. Gdrye (Posts: 101; Member since: 02 Jan 2012)


With Android being the open source "nightmare" that Google is fearing. with samsung being too dominate and Amazon just ripping everything out just to put their stuff in there, would a Chrome mobile OS be something to watch out for? maybe a lil more closed, with Chrome and Android apps compatible?

posted on 11 Mar 2013, 00:21

22. gallison1983 (Posts: 41; Member since: 19 Dec 2012)


I wouldn't mind seeing a Chrome Phone. As far as attackability, Chrome OS has it done right. It has a low surface area of attack. You can either attack it from the web or attack it from Google's services itself. I would LOVE to get a Chromebook Pixel.

posted on 11 Mar 2013, 02:26

23. UrbanPhantom (Posts: 949; Member since: 30 Oct 2012)


Chrome OS is dead in the water. Who are you people kidding?

Want to comment? Please login or register.

Latest stories