Google Chrome team were so proud and confident on the leading track records of their browser in past browser exploit challenges. This time the mighty browser has been breeched by a Russian security researcher Sergey Glazunov. He won $ 60,000 from Google as a reward at CanSecWest Pwnium Hacking contest. This year Pwnium contest is being run as an alternative to more popular Pwn2Own contest. Total $1 Million was offered for different categories . $60,000 for full Chrome exploit (Windows 7 User account persistence using the only bugs in Chrome), $40,000 for Partial Chrome Exploit (Windows 7 local OS user account persistence using at lease a single bug in chrome plus other bugs) and $20,000 consolation reward for Windows 7 local OS user account persistence that does not use bugs in Chrome.
Sergey Glazunov targeted two zero day vulnerabilities in Chrome Extension Sub system. Through this exploit a hacker can break into a Windows 7 machine (Even it is fully patched with latest updates) and execute the codes with the full permission of logged in user. Chrome was considered as the most secured browser due to its special sandboxed architecture that restricts the browser interaction with the OS. Here Glazunov targeted the holes in this sandbox structure.
Sundar Pichai of Google says about this
“Congrats to long-time Chromium contributor Sergey Glazunov who just submitted our first Pwnium entry. Looks like it qualifies as a “Full Chrome” exploit, qualifying for a $60k reward. We’re working fast on a fix that we’ll push via auto-update. This is exciting; we launched Pwnium this year to encourage the security community to submit exploits for us to help make the web safer. We look forward to any additional submissions to make Chrome even stronger for our users.”
{ 5 comments… read them below or add one }
Security is elusive. It can never be reached, and no one is god in the internet world.
seriously google think them-self as a tees mar khan, now they eat the dust
hats off to sergey 
Why I’m not surprised
look at http://www.chromium.org/Home/chromium-security/hall-of-fame
Woah, finally some one hacked the browser by Search giant Google. Thanks for the infomation Sujith
Today Anonymous hacked Facebook as well. I believe that anything which can be built can be demolished, in the sense that if a program/website is coded, a professional hacker can get into the system by playing around its code. I didn’t know that they organise such contests to actually hack into systems. But it makes sense as that way they get a tip about weaknesses in their respective system and can find ways to close down the loopholes for people who would want to hack them to cause harm to the system. It’s amazing what systems can do nowadays, but one must never forget that systems are built by people, and they take on their weaknesses. Great blog post Sujith!
{ 1 trackback }