Chrome OS runs the table at Pwnium 3

Hackers fail to find any meaningful exploits, despite big prize money

Hackers at the CanSecWest event in Vancouver couldn't break Google's latest version of Chrome OS in the company's Pwnium 3 contest, leaving the $3.14159 million (yes, that's Pi, for those keeping track at home) in prize money untouched.

Pwnium is a hacking contest -- similar to the better-known Pwn2Own event, which is also held at the CanSecWest convention -- that challenges the best in the security business to attack Google's products in the hope of winning cash prizes.

[ MORE CHROME: Google confirms high-end Chromebook Pixel, surprising some ]

The company's Chrome team announced in a Google+ post that no successful exploits were found by the assembled hackers, despite the extension of the deadline to 5 p.m. PST yesterday, though the post also said that some partial exploits were being evaluated.

Google had been offering up to $150,000 per exploit, depending on specifics -- top prizes were earmarked for those who found device-persistent hacks (i.e., those that would remain in place even after a reboot), while $110,000 was offered for less thorough attacks.

While Chrome OS made it through Pwnium unscathed, the larger Pwn2Own contest saw the Chrome browser successfully exploited by researchers from MWR Labs, a U.K.-based security firm, who won $100,000 in the process.

Making the MWR Labs exploit even more impressive is the fact that Google released a major security update just days before the event kicked off, patching several fairly serious vulnerabilities.

Pwn2Own also saw IE10, Firefox, Adobe Reader, Flash and -- on four separate occasions -- Java exploited by the skilled hackers in attendance. The biggest winner was France's VUPEN Security, which successfully hacked IE10, Firefox, Java and Flash. The company's total winnings came to $250,000, according to Sophos Security.

Email Jon Gold at jgold@nww.com and follow him on Twitter at @NWWJonGold.

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies