Chrome OS emerges from Pwnium 3 unscathed, Chrome, IE and Firefox fall at Pwn2Own
Share:
After cutting a check, Google sent the information on to its own code jockeys and a patch was deployed across all platforms in less than 10 hours.
At Pwnium 3, Google had a pool of $3.14159 million (see what they did there?) up for grabs for hackers to expose whatever security holes they could find. One of the targets was a Samsung Series 5 550 Chromebook. Entrants could not exploit any vulnerabilities in Chrome OS.
Certainly that is a testament to Google’s work, although that does not mean there is nothing left to find. Still that is a pretty impressive outcome. Google’s Chrome browser (along with the other browsers) did not fare so well however.
At the Pwn2Own event, put on by HP TippingPoint’s Zero Day Initiative, the Chrome browser fell hard. A hacker known as Nils who was working with a group called MWR Labs did a full Chrome exploit and picked up a $100,000 reward for his efforts. The exploits were found after bypassing a series of memory protection mechanisms.
Microsoft’s Internet Exporer and Firefox were also hacked. VUPEN, a security firm, also used a memory related vulnerability and earned $60,000 for its trouble with Firefox. The group then picked up an additional $100,000 for taking down Internet Explorer. VUPEN also demonstrated a Java overflow exploit and took home an extra $20,000.
The money is more than a reward, it is also a purchase. HP and Google basically agree to buy these vulnerabilities so they can create needed patches and improve the products. Apple’s Safari browser was up for grabs too. HP had $75,000 waiting but no one pre-registered for the event to take it on.
sources: Engadget, eSecurity Planet, and ZDNet
Share:
In the U.S., don't forget to move your clock ahead 1 hour 
Samsung Galaxy Pop adds orange color option to snag the kids in Korea 
-
Parting images and wrap-up from the last day of Google I/O
-
PhoneArena's John Velasco talks about the geek life
-
Up close demo of Epson Moverio glasses and YouTube functionality
-
Android talks and does Braille
-
Samsung officials confirm 5.9-inch Note III will come at IFA
-
Images and summary from day 2 of Google I/O
23 Comments
1. shuaibhere posted on 10 Mar 2013, 01:20 13 1
Chrome OS with linux kernel is more secure...
this proves how secure linux kernel is...
21. gallison1983 posted on 11 Mar 2013, 00:17 0 0
And that's when you get hacked. Just because it hasn't happened doesn't mean it couldn't
2. faisolbauuz posted on 10 Mar 2013, 03:20 10 0
Forever alone HP offered 75000$ for a prize no one wants to participates
4. Droid_X_Doug posted on 10 Mar 2013, 05:48 3 1
Props to Google and Chrome OS. $3.14 million and no successful hack.
5. networkdood posted on 10 Mar 2013, 06:46 7 1
If I were a hacker, I would not bother with Safari, either.
9. haseebzahid posted on 10 Mar 2013, 10:58 1 2
i dont understand chrome breswer is si famous and good but when i install it only thing it does in crash :( so i have to stick with firefox why
14. jroc74 posted on 10 Mar 2013, 11:52 0 0
One things for certain....if everybody else or the majority had the same experience as you....it wouldnt be so famous or considered good.
Chome has some issues with add ons, extensions. Opera does too. Its either find alternatives, or hope Google and/or the companies fix it. AI Roboform add on didnt work too good with Chrome, and I like some things about the Google Toolbar. Both of those things had issues in Chrome. (Google Toolbar is understandable; and its officially not available for FF anymore....I needed to do some hackery to get it working again)
Thats why I go with Firefox. For speed....Chrome is good. Opera too.
16. haseebzahid posted on 10 Mar 2013, 16:04 0 0
so you are saying it does crash well i hoped it could run f9 but tried 3 times and now it is lying at the corner of my taskbar
19. jroc74 posted on 10 Mar 2013, 22:23 0 0
Its not like it crashes every 10 minutes for me...lol. But it just doesnt play well with some stuff I uses regularly. Opera is worse with the stuff I use.
I'm probably better off finding an alternative to the things I use. Like for AI Roboform....Last Pass works better with Opera and Chrome. And its cheaper.
11. papss posted on 10 Mar 2013, 11:11 2 0
I'm a foxfire guy myself.. Chrome looks awkward at best to me.
12. jroc74 posted on 10 Mar 2013, 11:42 0 0
I kinda dont like how Chrome looks too.
I like FF for functionality, but I like Chrome and Opera for speed. I use IE as a last resort for compatibility issues. Like last week I couldnt login to Pepco website on FF to pay my bill. I had no problem of IE.
Its funny that the latest IE took design cues from Chrome.
15. papss posted on 10 Mar 2013, 12:31 1 0
Agreed.. Only time I use IE is on my l920 and that is because I have too. I love my foxfire, my only real knock against chrome is with placement of everything. It is pretty fast though
17. haseebzahid posted on 10 Mar 2013, 16:06 1 0
i heard the best use of previous IE1...8 was to download a better broswer :D dont know if 9 or 10 is doing better
18. papss posted on 10 Mar 2013, 17:46 1 0
It's not terrible and works pretty well in mobile form but still prefer ff
20. jroc74 posted on 10 Mar 2013, 22:26 0 0
For me, IE7 was the best IMO. After 7....IE changed the way it handled bookmark folders. That drove me to Firefox and other borwsers, havent looked back since.
13. Gdrye posted on 10 Mar 2013, 11:46 0 0
With Android being the open source "nightmare" that Google is fearing. with samsung being too dominate and Amazon just ripping everything out just to put their stuff in there, would a Chrome mobile OS be something to watch out for? maybe a lil more closed, with Chrome and Android apps compatible?
22. gallison1983 posted on 11 Mar 2013, 00:21 0 0
I wouldn't mind seeing a Chrome Phone. As far as attackability, Chrome OS has it done right. It has a low surface area of attack. You can either attack it from the web or attack it from Google's services itself. I would LOVE to get a Chromebook Pixel.
23. UrbanPhantom posted on 11 Mar 2013, 02:26 0 1
Chrome OS is dead in the water. Who are you people kidding?
