Skip to main content

Chrome OS survives Pwnium 3 hacking

Google has announced that no one successfully hacked Chrome OS during the recent Pwnium hacking contest, but it did issue a partial reward for one hacker's bug finds.

Pinkie Pie received $40,000 (£26,000) for uncovering "a plausible bug chain involving video parsing, a Linux kernel bug and a config file error," Google said in a blog post. "The submission included an unreliable exploit demonstrating one of the bugs. We've fixed most of these bugs already."

Google thanked Pinkie Pie for disclosing the bug during the deadline rather than keeping it secret and exploiting it at a later date. "This means that we can find fixes sooner, target new hardening measures and keep users safe," Google said.

The $40,000 earned by the hacker was a bit less than the $3 million (£2 million) Google was ready to hand out to anyone who could hack Chrome OS.

Pwnium 3 took place at the CanSecWest security conference in Vancouver on 7 March. Google worked with the Zero Day Initiative (ZDI) on the conference's rules and decided that since Chrome is already featured in the larger Pwn2Own competition, Pwnium 3 would have a new focus: Chrome OS.

"We believe these larger rewards reflect the additional challenge involved with tackling the security defenses of Chrome OS, compared to traditional operating systems," Google said in January.

Pwn2Own, meanwhile, was a bit more successful for the hackers. MWR Labs took home $100,000 (£66,000) for its hack of Chrome on Windows 7. "Of the two bugs used, one bug was in Chrome code, which we fixed in 24 hours," Google said.

At this point, Google has handed out $900,000 (£600,000) in bug bounties, "and we're itching to give more," the search giant said.