Google Chrome team were so proud and confident on the leading track records of their browser in past browser exploit challenges. This time the mighty browser has been breeched by a Russian security researcher Sergey Glazunov. He won $ 60,000 from Google as a reward at CanSecWest Pwnium Hacking contest. This year Pwnium contest is being run as an alternative to more popular Pwn2Own contest. Total $1 Million was offered for different categories . $60,000 for full Chrome exploit (Windows 7 User account persistence using the only bugs in Chrome), $40,000 for Partial Chrome Exploit (Windows 7 local OS user account persistence using at lease a single bug in chrome plus other bugs) and $20,000 consolation reward for Windows 7 local OS user account persistence that does not use bugs in Chrome.
Sergey Glazunov targeted two zero day vulnerabilities in Chrome Extension Sub system. Through this exploit a hacker can break into a Windows 7 machine (Even it is fully patched with latest updates) and execute the codes with the full permission of logged in user. Chrome was considered as the most secured browser due to its special sandboxed architecture that restricts the browser interaction with the OS. Here Glazunov targeted the holes in this sandbox structure.
Sundar Pichai of Google says about this
“Congrats to long-time Chromium contributor Sergey Glazunov who just submitted our first Pwnium entry. Looks like it qualifies as a “Full Chrome” exploit, qualifying for a $60k reward. We’re working fast on a fix that we’ll push via auto-update. This is exciting; we launched Pwnium this year to encourage the security community to submit exploits for us to help make the web safer. We look forward to any additional submissions to make Chrome even stronger for our users.”