Page 1 of 1

Google Chrome hacked in 5 minutes

PostPosted: Sat Mar 10, 2012 6:16 am
by BlueWater

From: www.informationweek.com

VUPEN Security hacks Google Chrome, Safari, and Internet Explorer to take early lead in Pwn2Own contest.

Re: Google Chrome hacked in 5 minutes

PostPosted: Sat Mar 10, 2012 6:16 am
by BlueWater
French vulnerability research firm VUPEN Security stormed to an early lead in the annual Pwn2Own cracking contest, which is part of this week's CanSecWest information security conference in Vancouver. VUPEN received 32 points for the Chrome hack from officials at TippingPoint's Zero Day Initiative, a bug-bounty reward program that sponsors the contest. By day's end Vupen was in the lead with 62 points, after also hacking Safari 5 on Mac OS X Snow Leopard and Firefox 3 on Windows XP. The contest continues through Friday.

According to a tweet from VUPEN, its Chrome exploit involved "code execution and sandbox escape (medium integrity process resulted)" against a copy of Chrome running on Windows 7. VUPEN has previously discovered zero-day vulnerabilities that exploited Chrome after bypassing its sandbox, although this is the first time in three years that Chrome has been exploited in the Pwn2Own contest, the lead-up to which typically sees browser makers furiously issuing patches.