Chrome OS holds firm against hackers at Pwnium 3 - fleckthervin

The Pwn2Own 2022 and Pwnium 3 hacking competitions may possess both taken place in the same locale fourth-year calendar week—specifically, the CanSecWest security conference in Vancouver, B.C.—but the differences in their outcomes could not have been to a greater extent impinging.

Hackers were the winners in this yr's Pwn2Own contender.

Pwn2Own 2022, held by HP's Cypher Day Initiative (ZDI), focused connected browsers and web browser plug-ins this year, and IT was a scene of widespread figurative bloodshed (see results at right) for the software existence proved.

In Google's concurrent Pwnium 3, happening the opposite hand, it was the hackers who were defeated, unable equally they were to crack Google's Linux-supported Chrome OS operating system.

$3.14159 million in prizes

"Security is one of the core tenets of Chrome, just no software is perfect, and protection bugs pillow slip through with even the best development and review processes," wrote Chris Evans, a member of the Google Chrome Security Squad, in a blog mail announcing the competition in belatedly January. "That's why we've continued to hire with the security search community to service us bump and fix vulnerabilities."

Entrants were necessary to demonstrate an attack on a base (Wireless local area network) model of the Samsung Serial publication 5 550 Chromebook, functioning the modish stable version of Chrome OS.

Google offered plenty of motivation, as well: a full of $3.14159 million—inspired by the number "sherloc," Google aforesaid—impaired devour into $110,000 for a web browser or system compromise and $150,000 for a compromise that persists after boot.

Nary winning entries

"We believe these large rewards reflect the additive challenge involved with tackling the security measures defenses of Chrome OS, compared to conventional operating systems," Evans explained.

The new 'seccomp-bpf' sandbox bed in Chromium-plate OS adds extra security (Click image to enlarge.)

As luck would have it for Chromebook users—just unfortunately for the competing hackers—no one succeeded in achieving a filled via media.

"We did not receive whatever winning entries only we are evaluating some work that Crataegus oxycantha qualify every bit partial tone exploits," translate the announcement of the results penultimate Thursday on Google+.

The Linux reward

Of course, it should be famed that the find of a Chrome exploit two days beforehand allowed Google to patch Chrome Osmium before Pwnium began, as pointed out in a web log post last week from security firm Sophos.

Inactive, the fact that nothing else was discovered is mostly a testament to the fact that Chromium-plate OS is supported Linux, which is wide considered to be far more secure than its proprietary counterparts.

That's for numerous reasons, including the way permissions are assigned and the software's open source nature, only Chromium-plate Bone as wel adds the vantage of seccomp-bpf, a sandboxing lineament that was recently included in the Linux kernel.

The result, in essence, is "a humble filter in the kernel that will rapidly reject many of the rocks tangled by an attacker," as Google software program organise Julien Tinnes explained along the Chromium Blog fourth-year fall.

Bottom line? If security is a priority for you, then Linux—in Chromium-plate OS or one of its many other forms—is the way to go.