After Pwn2Own – Google Pay Partial Bounty On Unreliable Chrome OS Exploit

Pwn2Own, and Chrome’s Pwnium competition, may have passed by for another year but that hasn’t stopped Google from making a late payment to one of the participants – Pinkie Pie – who has scooped $40,000 for their efforts.

Chrome

During the competition proper no-one was able to create a true compromise worth $110,000 or a persistent one that would survive a reboot (worth $150,000). But Pinkie Pie did come up with a ‘partial’ –

“At Pwnium, we didn’t receive any winning entries, but did reserve the right to issue “partial” rewards. We’re pleased to reward $40,000 to Pinkie Pie, who submitted a plausible bug chain involving video parsing, a Linux kernel bug and a config file error. The submission included an unreliable exploit demonstrating one of the bugs.”
Chromium blog

Fortunately for the rest of us Chrome users the browser has already been patched against this albeit unlikely scenario – Google released Chrome OS 25.0.1364.173 on Friday.

Also, I rather like the fact that Google decided to pay out a partial prize – the fact that they did that in combination with Pinkie Pie disclosing his partial exploit just goes to show the positive spirit in which these contests are held and results in more security for the end user which can never be a bad thing, just like Google say themselves –

“We’ve given away more than $900,000 in rewards over the years and we’re itching to give more, as engaging the security community is one of the best ways to keep all Internet users safe.”

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind

*