Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

Googles Chrome OS partially hacked

  1. Home
  2. Tech News
  3. Googles Chrome OS partially hacked

Googles Chrome OS partially hacked

As computer security guru Bruce Schneier likes to say, "Security is a process, not a product." He was proven right again when Google announced that, while its Linux-based Chrome OS hadn't been cracked in its Pwnium Chrome OS contest, one hacker was successful in creating an an unreliable exploit.

While not cracked open, a hacker was able to pry a bit at Chrome OS in Google's recent Pwnium competition. Specifically, the hacker known as Pinkie Pie, who cracked the Chrome Web browser on Windows last year in Google's security contest, "submitted a plausible bug chain involving video parsing, a Linux kernel bug and a config file error. The submission included an unreliable exploit demonstrating one of the bugs."

Google also thanked him "for honoring the spirit of the competition by disclosing a partial exploit at the deadline, rather than holding on to bugs in lieu of an end-to-end exploit. This means that we can find fixes sooner, target new hardening measures and keep users safe."


For this, Pie was award $40,000. A true browser- or system-level compromise would have been worth $110,000 and one that persisted after a reboot would have brought a talented hacker $150.000.

Google released a new version of Chrome OS, 25.0.1364.173, which patched these potential problems on March 15. We don't know exactly what these bugs were. The exact details are only available, at this time, to Chromium developers. We do know that one had to do with an overflow in the Graphic Processor Unit process and the other involved the Time-of-Check/Time-of-Use and counting overflows in Intel i915 graphics driver.

That said, Google, well aware of Schneier's rule, added that "While these security gatherings and live competitions are fun, we also want to highlight the ongoing Chromium Vulnerability Reward Program, which covers not only the Chrome desktop browser, but also all Chrome OS components and Chrome on mobile devices. We've given away more than $900,000 in rewards over the years and we're itching to give more, as engaging the security community is one of the best ways to keep all Internet users safe."

Source: <a href=" http://www.zdnet.com/googles-chrome-os-partially-hacked-7000012780/">Chrome

11 years ago
Posted by Mordak avatarMordak
Comments
Sorry but there are no comments to display