Comments:"All Chrome OS hack attempts fail at Pwnium 3 | Geek Pick | Geek.com"
URL:http://www.geek.com/articles/geek-pick/all-chrome-os-hack-attempts-fail-at-pwnium-3-2013038/
The operating system that powers Google’s Chromebooks managed to survive Pwnium 3 without being hacked.
Pwnium is Google’s hacking contest at CanSecWest, focused on finding exploits within the Chrome operating system. It was started last year as an alternative to Pwn2Own because Google didn’t like the contest’s lack of disclosure requirements. At this year’s Pwnium, the exploits must be demonstrated on a fully patched Samsung Series 5 550.
Before CanSecWest started, Google pushed out fixes for 10 vulnerabilities in Chrome. Six of these patched vulnerabilities had a “high” ranking on Google’s severity index and four netted payouts of $1,000 in Google’s pay-for-bugs program. Three bugs that received a payout from Google use vulnerabilities in browser navigation handling, frame loader, and in SVG animations. The other bug Google paid for used a memory corruption vulnerability in web audio.
Google had set a ceiling of $3.14159 million for potential exploits discovered at Pwnium. It had broken down the attacks into two categories with a different prize amount based on the complexity of the hack:
- Guest mode browser or system compromise using a web browser (logged-in user compromise also acceptable) – $110,000
- Compromise with persistence on device using a web browser (guest to guest with interim boot) – $150,000
While there was no winning entry for this year’s Pwnium, a Google representative said in a statement Thursday afternoon that they are currently evaluating one entry that may qualify as partial credit.
Last year at CanSecWest’s Pwnium, and Pwnium 2 at the Hack In The Box security conference in Kuala Lumpur, a hacker known as ‘Pinkie Pie’ managed to hack Chrome netting a prize of $60,000 at each conference.