Pwnium 2, the Chrome hack competition, has come to an end and, though there's not much official info yet, it seems that it saw only one entry. But, just like last time around, it was a good one, Pinkie Pie returned once again with an epic hack and is set to get another $60,000 for his trouble.He didn't attend the conference himself, adding to his shroud of mystery, but whatever he came up with this time, it was enough to break out of the Chrome sandbox and run arbitrary code on the target machine.
Last time around, he stringed together six bugs to break Chrome, it's unclear how many he used now.
With the competition closed, his is the only entry. Google's security team is now looking over the exploit to decide whether it meets the criteria for the top award. Chances are, the exploit is good enough.
Google has started the competition in an effort to break away from Pwn2Own a similar competition, but which doesn't require researchers to disclose the bugs they used.
This means that Google and other browser makers won't be able to fix the issues, but the researchers would be able to sell the existing exploit to the highest bidder.
Google had a $2 million purse ready for the competition and was willing to hand out prizes until it ran out, on a first come, first served status. The fact that there was only one entry despite the large award is a testament to Chrome's security.
Or, put another way, it's a testament of how much a Chrome exploit could be worth, less ethical security researchers may be getting more money than that from governments, spy agencies or "other" people for working Chrome exploits. With Chrome, the most popular browser in the world, or at the very least in the top three, the price will only go up.