14 DAY TRIAL // Google has provided some details about the Pwnium and Pwn2Own security competitions earlier this month. Google was a sponsor of Pwn2Own, but it also held the Pwnium competition in parallel, focusing on Chrome OS issues.
Chrome was defeated in the Pwn2Own competition, along with all the other browsers and plugins involved.
There were no winners in the Pwnium competition though, as no exploit that would allow attackers to take over a Chromebook, even if only for one account, was provided.
However, Pwnium regular Pinkie Pie did reveal a series of bugs which could potentially be exploited. His exploit was unreliable though. Still, Google was satisfied with the bugs uncovered and offered a partial reward of $40,000 (€30,868).
"We’re pleased to reward $40,000 to Pinkie Pie, who submitted a plausible bug chain involving video parsing, a Linux kernel bug and a config file error," Google explained.
"In particular, we’d like to thank Pinkie Pie for honoring the spirit of the competition by disclosing a partial exploit at the deadline, rather than holding on to bugs in lieu of an end-to-end exploit," it added.
As for the Chrome bug that won Pwn2Own, Google fixed the issue in 24 hours after discovering it. What's more, the exploit relied on a Windows bug which also got fixed, since contestants were obligated to reveal all the bugs they used in their exploits.
"In the parallel Pwn2Own contest, participants attacked many different browsers and plug-ins. There was a top prize on the line for Chrome, which was claimed by Nils and Jon of MWR Labs," Google added.
Future Pwnium editions are a guarantee, this was the third in a year, but if Google sticks to Chrome OS, it may have a hard time finding participants no matter the prize money. In the meantime, Google is paying security researchers who reveal dangerous bugs via the Chromium Vulnerability Rewards Program.