updated 09:23 pm EDT, Sun March 10, 2013
Bounties paid for Internet Explorer, Firefox, Java vulnerabilities
Google's Chrome OS managed to evade all intrusion attempts during the most recent Pwnium hacking competition. While Chrome OS survived intact, Chrome the web browser joined Firefox and Internet Explorer in being shown vulnerable to attack from hackers, during the Pwn2Own contest held at the CanSecWest security conference at the same time.
In the Pwnium contest, exploits needed to be demonstrated on a fully-patched Samsung Series 5 550. Though no-one managed to complete a hack, one entry is being evaluated by judges according to Geek.com, and may still give the submitter a partial credit. Hackers had a maximum prize fund of $3,141,590 to play for, with two main awards for each hack of a specific difficulty, at $110,000 and $150,000. A previous Pwnium contest saw hacker "Pinkie Pie" earn a free Chromebook and $60,000, the highest reward level at the time.
During the far more successful Pwn2Own competition, Nils of MWR Labs received $100,000 for a Chrome vulnerability. VUPEN received $60,000 for a Firefox exploit and $100,000 for Internet Explorer 10, followed by an additional $20,000 for a Java exploit. Two other researchers claimed $20,000 each for more Java exploits, reports eSecurity Planet.
HP placed a bounty of $75,000 for any exploits on Safari running on OS X Mountain Lion, but did not receive any pre-registrations. HP's manager of vulnerability research Brian Gorenc did not know why everyone avoided Safari, suggesting "maybe they were focused on Chrome."