SPECIAL FEATURES:
Email
Google Chrome cracked in hacking contest
Hackers exploit weaknesses in Google's Chrome browser at the Pwn2Own competition.
Wed, Mar 07 2012 at 7:57 PM
Related Topics:
Image: googlechrome/YouTube
VANCOUVER, British Columbia — The French security firm Vupen successfully cracked the Google Chrome Web browser on the first day of this year's Pwn2Own hacking contest, held annually at the CanSecWest security conference here.
In a demonstration at 1:30 p.m. PT on March 7, Vupen exploited a memory-corruption vulnerability in Chrome's WebKit component, a library used in numerous browsers, including Apple Safari and Google's Android browser.
"It's a pleasure," Chaouki Bekrar, Vupen chairman and CEO told SecurityNewsDaily shortly after demonstrating the hack. "We wanted to show that Google, despite the fact that it's a very secure browser — with a motivated team and enough resources, we can create a sophisticated exploit to bypass all security protections and fully compromise Chrome."
"Google is not unbreakable," Bekrar added. "We wanted to be the ones to make it fall."
Vupen researchers also leveraged a sandbox escape, allowing them to break out of Chrome's sandbox security feature, in place to contain bugs and prevent malicious code from executing on the user's system.
Vupen's exploit was performed on the latest stable version of Chrome, version 17.0.963.66, using a fully updated Windows 7 64-bit system.
This is the first time researchers have been able to successfully crack Chrome during the Pwn2Own contest.
"It's a big deal," Aaron Portnoy, manager of security research for HP TippingPoint, the sponsor of Pwn2Own, told SecurityNewsDaily.
Bekrar said his team spent six weeks developing the two exploits.
Per contest rules, Vupen submitted the memory corruption flaw to HP TippingPoint. The researchers are not required to report the Chrome sandbox exploit they demonstrated to Google or to HP TippingPoint.
Though the full contest prizes won't be announced until March 9, Bekrar already has an idea how he and his team will celebrate if they win.
"We'll probably open a bottle of champagne," he told SecurityNewsDaily. "As French guys, it's mandatory."
Related on SecurityNewsDaily:
Copyright 2012 SecurityNewsDaily, a TechMediaNetwork company. All rights reserved.
You might also like:
Sign in with one of these accounts to add your comment.
EDITORS' PICKS
Advertisement
TODAY'S MOST POPULAR ON
- 15 famous people who mysteriously disappeared
- Watch: Sir David Attenborough deals with a band of cannibals the British way
- Too beautiful to be real? 16 surreal landscapes found on Earth
- 10 false facts most people think are true
- 7 surprising things Pope Francis has done in his first 100 days
- 9 habits that may do more harm than good
- 13 natural remedies for the ant invasion
- 15 houseplants for improving indoor air quality - A breath of fresh air
- 'Lost' city discovered beneath Cambodian jungle
- What a grocery store without bees looks like
NEWSLETTER
Advertisement
Join the conversation