Google announced last week that it is offering $1 million in prize to those who find bugs and exploits in Chrome browser. Now the Pwn2Own contest has started at CanSecWest and Google chrome is the first browser to be hacked. Google Chrome was never hacked before at Pwn2Own, this is the first time it was pwned at CanSecWest.
Google conducted a mini contest separate from Pwn2Own at the CanSecWest dubbed as Pwnium. Sergey Glazunov, a Russian University Student and Security Researcher hacked in to a fully patched 64-bit Windows 7 machine with Chrome browser installed. He hacked the machine by bypassing the chrome sandbox technology using a remote code execution vulnerability/exploit in Google Chrome.
Glazunov got $60,000 as a cash prize for the exploit as part of the Google $1 million Pwnium contest. He targeted two distinct zero-day vulnerabilities in the Chrome extension sub system. According to Justin Schuh, a member of the chrome security team this exploit was specific to Chrome and bypassed the browser sandbox entirely, ZDNet reported.
In the Pwn2Own contest at the same CanSecWest conference run by HP’s Zero Day initiative, security researchers from Vupen took down Chrome in the first five minutes of the competition, making it the first browser to fall at Pwn2Own 2012. Vupen security team cracked Safari last year. The security team didn’t disclose the exploit but it might be an Adobe Flash plugin which comes with Google Chrome pre installed.
Google Chrome finally been hacked at the Pwn2Own contest, now it can’t boast its security, but still Google Chrome’s sandbox technology is the most secure according to security researchers.
Via Zdnet
