Results 1 to 2 of 2

Thread: Google Chrome Falls First in Pwn2Own Hacking Contest

  1. #1

    Google Chrome Falls First in Pwn2Own Hacking Contest

    Though Google's Chrome was left unscathed at last year's CanSecWest's Pwn2Own hacking competition, this year it was the first one to fall.

    ZDNet reported that the Google browser was taken down by a group of French hackers called Vupen – the same team that cracked Safari at last year's contest.

    Vupen's co-founder and research head, Chaouki Bekrar, told ZDNet that the group worked for six weeks to hatch a plan to take on Chrome. They developed two zero-day exploits that were able to take complete control of a fully updated 64-bit Windows 7 machine.

    "We had to use two vulnerabilities," Bekrar told ZDNet. "The first one was to bypass DEP and ASLR on Windows and a second one to break out of the Chrome sandbox."

    Bekrar would not share the explicit details of the method Vupen used, nor would he say if either of the exploits used third-party code.

    "It was a use-after-free vulnerability in the default installation of Chrome. Our exploit worked against the default installation so it really doesn't matter if its third-party code anyway," he said.

    In 2011, Vupen released a video in which the group cracked Chrome using Flash, but Google said it didn't count because of the use of third-party code.

    So why did Vupen decide to go after Chrome first? Aside, of course, from the $1 million bounty Google placed on the browser's head.

    "We wanted to show that Chrome was not unbreakable. Last year we saw a lot of headlines that no one could hack Chrome. We wanted to make sure it was the first to fall this year," Bekrar said.

    He also noted that Chrome is "one of the most secure browsers available."

    Ahead of the Pwn2Own, Google announced that it would dole out a total of $1 million in prize money for successful Chrome hacks to entice competitors to target the browser and to use the exploits to help bolster the browser's security.

    "We have a big learning opportunity when we receive full end-to-end exploits," Google said. "Not only can we fix the bugs, but by studying the vulnerability and [exploiting] techniques we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users."

    For more, see PCMag's review of Google Chrome 17 and the slideshow below.

    For more from Leslie, follow her on Twitter @LesHorn.

    Source: http://www.pcmag.com/article2/0,2817,2401305,00.asp


  2. # ADS
    Circuit advertisement
    Join Date
    Always
    Location
    Advertising world
    Posts
    Many
     

  3. #2
    Awesome! I was hoping when the million dollar bounty was announced someone would claim it. Kudos to Google for having such faith in their product.
    Your safety is not my responsibility.

Similar Threads

  1. Google Will Pay $1 Million for Chrome Hacks
    By accadacca in forum General Discussion
    Replies: 0
    Last Post: 02-29-2012, 08:26 AM
  2. Who Would Use The Google Chrome Operating System?
    By accadacca in forum Tech Forum
    Replies: 12
    Last Post: 12-10-2010, 06:02 AM
  3. Google Chrome - Tips
    By jman in forum Tech Forum
    Replies: 3
    Last Post: 11-19-2010, 10:29 PM
  4. Replies: 1
    Last Post: 07-08-2009, 01:12 PM
  5. Google Chrome
    By shaggy125 in forum General Discussion
    Replies: 5
    Last Post: 09-17-2008, 05:40 PM

Visitors found this page by searching for:

Outdoor Forum

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •