Chrome OS Remains Undefeated At Pwnium 3

hypnosec writes "Google has announced that its Chrome OS has managed to remain undefeated during the Pwnium 3 event that was held alongside Pwn2Own. Announced by Google on January 28, 2013 the Pwnium 3 event carried a prize money of $3.14 million. Researchers were asked to carry out attacks against a base Samsung Series 5 chromebook running the latest stable version of Chrome OS. It turns out security researchers were not able to come up with winning exploits even after the competition's deadline was extended. Google Chrome Team has revealed that partial exploit entries have been filled in but, no other details have been released."

So many uninformed comments

[daboochmeister]

A major theme here is "it doesn't run many apps, that's why it's secure". Yeah, that must be it - it probably has absolutely nothing to do with the way they've implemented Mandatory Access Controls in a rigorous fashion, and the way they isolate resources with heavy use of cgroups, and the read-only root filesystem and tmpfs /tmp, and how they've made every binary use ASLR and NX and DEP, and how they've rewritten several major typically-vulnerable daemons to not run as root, and how they've developed userland daemons to broker access to hardware, and how they don't allow any files in user home dirs to be executables, or how they've started to sandbox device drivers, or the way they implemented separate processing stacks for HTTP and HTTPS, or how they verify not just the boot record but the whole boot stack and partition table and nv ram on every boot and and and ...

Yeah, all those things probably don't matter. They probably don't play any role in exploits that work on Windows-based Chrome failing on Chrome OS. It's not more inherently secure than any other OS, riiiggghhhhhttttt ...