Google loves to brag about how secure its Chrome browser is, and the results of last year's Pwn2Own hacking competition only gave the company more ammo. Well, at this year's event, some hackers wanted to feed Google humble pie—and they did.
As ZDNet reports, security researcher Chaouki Bekrar and his team managed to take "complete control of a fully patched 64-bit Windows 7 (SP1) machine" using two zero-day vulnerabilities in Google's browser. Chaouki said the feat took six weeks of preparatory work that involved locating the vulnerabilities and writing code to exploit them.
Chrome ended up being the first browser to fall at the competition yesterday. "We wanted to show that Chrome was not unbreakable. Last year, we saw a lot of headlines that no one could hack Chrome. We wanted to make sure it was the first to fall this year," said Bekrar. The hacking competition was part of this year's CanSecWest conference, which is still going on today and tomorrow in Vancouver, Canada.
There was more on the line than hacker cred and some free PR for Bekrar, of course. Google is actively encouraging hackers to find holes in Chrome. Last month, the company said it would be offering $1 million in prizes for hackers who find holes in the browser. Finding a "full Chrome exploit" entails a $60,000 prize, and Google throws in a free Chromebook. Cash prizes are also awarded for the discovery of security holes involving other software but liable to affect Chrome users. (Thanks to TR reader SH SOTN for the link.)
|1. Ryszard - $603||2. Hdfisise - $600||3. Andrew Lauritzen - $502|
|4. Redocbew - $350||5. the - $306||6. SomeOtherGeek - $300|
|7. chasp_0 - $251||8. Ryu Connor - $250||9. mbutrovich - $250|
|10. YetAnotherGeek2 - $200|
|In the lab: FLIR's One thermal camera||12|
|Black Friday deals: Dell's U3415 curved monitor for $650 and more||17|
|Abu Dhabi government fund may be shopping GlobalFoundries||22|
|Asus goes for the gold with its 20th Anniversary GTX 980 Ti||6|
|MSI's Eco motherboards let owners fine-tune power consumption||6|
|Gigabyte's Z170X-Gaming G1 motherboard reviewed||12|
|Star Wars Battlefront video review||38|
|Club 3D active adapters convert DisplayPort 1.2 to HDMI 2.0||22|
|Phanteks' Power Splitter lets two systems run on one PSU||45|
|This is the answer to SSK's question on the Firefox news post.||+33|