Google Chrome Hacked
Finally it was Google Chromes turn to face the heat of hacking. Sergey Glazunov and Vupen Security independently managed to penetrate the security of Google Chrome.
CanSecWest Pwn2Own is an annual contest which invites ethical hackers from all over the world to try their skills on the popular web browsers with the intention of exposing the vulnerabilities and loopholes in the security.
The co-founder and head of research of Vupen, Chaouki Bekrar and his team managed to break into Google Chrome in less than 5 minutes during this year competition. This raises a serious question on the security of Google Chrome which was enjoying an ‘unquestionable security’ status. A pair of zero-day vulnerabilities was used by them to take complete control of a fully patched 64-bit Windows 7 (SP1) machine.
Google Chrome has decided to address this vulnerability. The hacker now stands a chance to win $60,000 in Google’s $1 million Pwnium challenge.
When asked if the vulnerabilty came from Adobe, Bekrar said “It was a use-after-free vulnerability in the default installation of Chrome,” he said. “Our exploit worked against the default installation so it really doesn’t matter if it’s third-party code anyway.”
This year’s competition saw all other browsers hacked too. Microsoft’s IE9 was also hacked.
Chrome was the only browser which had survived the 2011 competition. “We wanted to show that Chrome was not unbreakable. Last year, we saw a lot of headlines that no one could hack Chrome. We wanted to make sure it was the first to fall this year,” Bekrar told
But though Chrome didnt survive this year but it still remains one of the most secure browsers. Bekrar said that “the Chrome sandbox is the most secure sandbox out there. It’s not an easy task to create a full exploit to bypass all the protections in the sandbox.”
Related External Links