Chrome OS On Linux Exploited; Hacker Awarded $40,000

The submission included an unreliable exploit demonstrating one of the bugs.

:  Here comes a bummer! We had earlier reported that while the Chrome Web browser on Windows was breakable, the story was a little different with the Linux-based Chrome OS, much to the delight of Linux enthusiasts. The platform was essentially uncrackable at the CanSecWest conference. Or so indicated the reports that time. Well, Google has announced that Linux-based Chrome OS could not be cracked in its Pwnium Chrome OS contest, but one hacker successfully managed to develop an unreliable exploit. Known as Pinkie Pie, “the same hacker who cracked the Chrome Web browser on Windows last year in Google's security contest, reportedly submitted a plausible bug chain involving video parsing, a Linux kernel bug and a config file error. The submission included an unreliable exploit demonstrating one of the bugs," Google wrote. Google also thanked him "for honoring the spirit of the competition by disclosing a partial exploit at the deadline, rather than holding on to bugs in lieu of an end-to-end exploit. This means that we can find fixes sooner, target new hardening measures and keep users safe." Pie was awarded $40,000 for the exploit. While the exact nature of the vulnerability on Linux is still not known, the company has patched the issue and released a new version Chrome OS, 25.0.1364.173. Kalpana Sharma, EFYTIMES News Network