Google Patches Security Flaws Exposed by 'Pwn2Own'

Dennis Faas's picture

Google has already patched a security flaw exposed by a public hacking contest. Chrome and Internet Explorer were both hacked at the Tokyo event, though contestants said doing so is getting tougher all the time.

The contest is called "Pwn2Own," and the idea behind it is that the first person to successfully hack a computer or mobile device wins the compromised hardware and a cash prize. But winning is really about gaining prestige in the security community.

Similar contests have concentrated on desktop computers, but this event focused on mobile devices. One participant successfully hacked a Microsoft Surface Pro tablet computer running Windows 8.1 and Internet Explorer 11.

This was merely a demonstration and not part of the contest. However, as is usual practice at such events, the person demonstrating the hack has passed on his methodology to Microsoft.

Winning Hacker Defeats 'Sandbox' Defense

The event winner was able to hack Google Chrome on mobile devices.

It's very rare that somebody wins a Pwn2Own prize by attacking Chrome, as the browser uses a security technique known as sandboxing -- that means if somebody does compromise the browser, their access is effectively limited to a specific open tab and they can't do much, if any, damage.

The winner, who chose only to be known as "Pinkie Pie", won $40,000 from the contest organizers. They also collected a $10,000 bonus from Google for hacking Chrome on a Nexus 4 or Galaxy S4, two of the most high-profile Android smartphones.

Pinkie Pie actually managed to hack both devices. (Source:

Other hackers won prizes for successful attacks on Android and iPhone handsets. Not all categories had a winner and in total organizers paid out only $117,500 of a possible $300,000 in prizes -- suggesting improved security measures in newer systems really are working.

Chrome Already Updated Following Hacking Demonstration

Having received details of the winning entry, Google issued a security patch within a matter of hours. It has sent out the update for Chrome on Windows, Mac, and Linux computers as well as Android devices.

Google says it will reveal full details of the security flaw but only once most users have received the security update. (Source:

Rate this article: 
No votes yet