Google’s Linux-based Chrome OS shrugged off its attackers at the $3.14-million Pwnium cracking competition.
but its little brother, the Linux-based Chrome OS, proved to be essentially uncrackable
at the CanSecWest conference in Vancouver, Canada,
In a separate security contest from the HP Zero Day Initiative’s (ZDI) Pwn2Own competition,Microsoft’s IE 10, Google’s Chrome and Mozilla’s Firefox Web browsers were all cracked. In addition, Java was also cracked multiple times.
Specifically, here are the prizes that Google is proposing:
- $110,000: Browser- or system-level compromise — in guest mode or as a logged-in user — delivered via a web page.
- $150,000: Compromise with device persistence — guest to guest with interim reboot — delivered via a web page.
Google is offering multiple prizes for each crack up to a maximum of $3.14-million for all winners.
Winning attacks had to “be demonstrated against a base (Wi-Fi) model of the Samsung Series 5 550 Chromebook running the latest stable version of Chrome OS. Any installed software (including the kernel and drivers, etc) may be used to attempt the attack.”
That’s serious money for serious cracking. Google did this, according to Chris Evans, the tech leader of the Google Chrome Security Team, because “Security is one of the core tenets of Chrome, but no software is perfect, and security bugs slip through even the best development and review processes. That’s why we’ve continued to engage with the security research community to help us find and fix vulnerabilities.”
A few days before the contest, Google pushed out ten Chrome browser security fixes and then the games were on.
Even with millions of dollars in prizes at stake, no one was truly successful in taking down the Linux-based Chrome OS. The Google Chrome team reported on Google+ that even though the competition deadline had been extended at the would-be crackers’ request, “We just closed out the competition. We did not receive any winning entries but we are evaluating some work that may qualify as partial exploits.”
Further details are not available at this time, but clearly, given the failure of all browsers on Windows in Pwn2Own and yet another wave of critical Windows vulnerabilities Chrome OS in specific, and Linux in general, remains the best choice for security-conscious desktop users.