Printed from http://www.electronista.com

Google Chrome compromised in five minutes at Pwn2Own

updated 09:15 pm EST, Wed March 7, 2012

Chrome security breached almost immediately

Google saw an end to a brief streak on Wednesday after CanSecWest's organizers confirmed that Chrome had been hacked during the Pwn2Own contest. Team Vupen exploited a security hole in the browser within five minutes of the contest's start. The group will be getting at least a $60,000 prize, funded partly by Google itself, as well as 32 points in the still-ongoing contest; it had already found two more vulnerabilities in software at the conference in intervening hours.

Exact details of the hole weren't detailed, but it was a zero-day exploit that successfully escaped Google's sandboxing and ran code.

The hack was prepared in advance and was likely helped by Google's own willingness to add significantly to the prize pool to test Chrome. It nonetheless undermines Google's insistence that Chrome is safe and shows it to not necessarily be safer in the real world than previous Pwn2Own targets like Safari. Google was one of the first to implement sandboxing, where any breach in a given browser tab or plugin is supposed to be blocked from compromising other parts, but it's now proven that the practice isn't a guarantee against exploits.

Most other browsers now have at least some form of sandboxing, whether for plugins or browser tabs.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

IDrive cloud backup and sync service

There are a lot of cloud services out there, and nearly all of them can be used for backing up key files and folders. A few dedicated ...

Asus Chromebook C300

When Chromebooks hit the market back in 2011, consumers didn't know what to do with them. The low-cost laptops, powered by Google's Ch ...

Plantronics BackBeat Pro Bluetooth headphones

Looking for a pair of headphones that can do everything a user requires is a task that can take some study. Trying to decide on in-ear ...

Sponsor

toggle

Most Commented

 
toggle

Popular News