Chrome OS emerges from Pwnium 3 unscathed, Chrome, IE and Firefox fall at Pwn2Own

Chrome OS emerges from Pwnium 3 unscathed, Chrome, IE and Firefox fall at Pwn2Own
Google has a well earned reputation for paying big bucks to those that can demonstrate vulnerabilities in its products. At the Pwnium 2 event last year, a hacker known as “Pinky Pie” earned $60,000 for exploiting two core vulnerabilities in the Chrome Browser.

After cutting a check, Google sent the information on to its own code jockeys and a patch was deployed across all platforms in less than 10 hours.

At Pwnium 3, Google had a pool of $3.14159 million (see what they did there?) up for grabs for hackers to expose whatever security holes they could find. One of the targets was a Samsung Series 5 550 Chromebook. Entrants could not exploit any vulnerabilities in Chrome OS.

Certainly that is a testament to Google’s work, although that does not mean there is nothing left to find. Still that is a pretty impressive outcome. Google’s Chrome browser (along with the other browsers) did not fare so well however.

At the Pwn2Own event, put on by HP TippingPoint’s Zero Day Initiative, the Chrome browser fell hard. A hacker known as Nils who was working with a group called MWR Labs did a full Chrome exploit and picked up a $100,000 reward for his efforts. The exploits were found after bypassing a series of memory protection mechanisms.

Microsoft’s Internet Exporer and Firefox were also hacked. VUPEN, a security firm, also used a memory related vulnerability and earned $60,000 for its trouble with Firefox. The group then picked up an additional $100,000 for taking down Internet Explorer. VUPEN also demonstrated a Java overflow exploit and took home an extra $20,000.

The money is more than a reward, it is also a purchase. HP and Google basically agree to buy these vulnerabilities so they can create needed patches and improve the products. Apple’s Safari browser was up for grabs too. HP had $75,000 waiting but no one pre-registered for the event to take it on.

sources: Engadget, eSecurity Planet, and ZDNet

FEATURED VIDEO

23 Comments

1. shuaibhere

Posts: 1986; Member since: Jul 07, 2012

Chrome OS with linux kernel is more secure... this proves how secure linux kernel is...

21. gallison1983

Posts: 47; Member since: Dec 19, 2012

And that's when you get hacked. Just because it hasn't happened doesn't mean it couldn't

2. faisolbauuz

Posts: 121; Member since: Jan 05, 2013

Forever alone HP offered 75000$ for a prize no one wants to participates

3. SuperNexus

Posts: 127; Member since: Jan 18, 2013

No wonder Googe products are wonderful.

4. Droid_X_Doug

Posts: 5993; Member since: Dec 22, 2010

Props to Google and Chrome OS. $3.14 million and no successful hack.

5. networkdood

Posts: 6330; Member since: Mar 31, 2010

If I were a hacker, I would not bother with Safari, either.

7. protozeloz

Posts: 5396; Member since: Sep 16, 2010

They didn't.... Its full of wholes anyways

6. xperiaDROID

Posts: 5629; Member since: Mar 08, 2013

I love Chrome (Google)!!!!

8. aditya.k

Posts: 496; Member since: Mar 10, 2013

Lol. No one cares about safari. xD

10. haseebzahid

Posts: 1853; Member since: Feb 22, 2012

whats that O_o

9. haseebzahid

Posts: 1853; Member since: Feb 22, 2012

i dont understand chrome breswer is si famous and good but when i install it only thing it does in crash :( so i have to stick with firefox why

14. jroc74

Posts: 6023; Member since: Dec 30, 2010

One things for certain....if everybody else or the majority had the same experience as you....it wouldnt be so famous or considered good. Chome has some issues with add ons, extensions. Opera does too. Its either find alternatives, or hope Google and/or the companies fix it. AI Roboform add on didnt work too good with Chrome, and I like some things about the Google Toolbar. Both of those things had issues in Chrome. (Google Toolbar is understandable; and its officially not available for FF anymore....I needed to do some hackery to get it working again) Thats why I go with Firefox. For speed....Chrome is good. Opera too.

16. haseebzahid

Posts: 1853; Member since: Feb 22, 2012

so you are saying it does crash well i hoped it could run f9 but tried 3 times and now it is lying at the corner of my taskbar

19. jroc74

Posts: 6023; Member since: Dec 30, 2010

Its not like it crashes every 10 minutes for me...lol. But it just doesnt play well with some stuff I uses regularly. Opera is worse with the stuff I use. I'm probably better off finding an alternative to the things I use. Like for AI Roboform....Last Pass works better with Opera and Chrome. And its cheaper.

11. papss unregistered

I'm a foxfire guy myself.. Chrome looks awkward at best to me.

12. jroc74

Posts: 6023; Member since: Dec 30, 2010

I kinda dont like how Chrome looks too. I like FF for functionality, but I like Chrome and Opera for speed. I use IE as a last resort for compatibility issues. Like last week I couldnt login to Pepco website on FF to pay my bill. I had no problem of IE. Its funny that the latest IE took design cues from Chrome.

15. papss unregistered

Agreed.. Only time I use IE is on my l920 and that is because I have too. I love my foxfire, my only real knock against chrome is with placement of everything. It is pretty fast though

17. haseebzahid

Posts: 1853; Member since: Feb 22, 2012

i heard the best use of previous IE1...8 was to download a better broswer :D dont know if 9 or 10 is doing better

18. papss unregistered

It's not terrible and works pretty well in mobile form but still prefer ff

20. jroc74

Posts: 6023; Member since: Dec 30, 2010

For me, IE7 was the best IMO. After 7....IE changed the way it handled bookmark folders. That drove me to Firefox and other borwsers, havent looked back since.

13. Gdrye

Posts: 111; Member since: Jan 02, 2012

With Android being the open source "nightmare" that Google is fearing. with samsung being too dominate and Amazon just ripping everything out just to put their stuff in there, would a Chrome mobile OS be something to watch out for? maybe a lil more closed, with Chrome and Android apps compatible?

22. gallison1983

Posts: 47; Member since: Dec 19, 2012

I wouldn't mind seeing a Chrome Phone. As far as attackability, Chrome OS has it done right. It has a low surface area of attack. You can either attack it from the web or attack it from Google's services itself. I would LOVE to get a Chromebook Pixel.

23. UrbanPhantom

Posts: 949; Member since: Oct 30, 2012

Chrome OS is dead in the water. Who are you people kidding?

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.