Google Chrome Hacked- $60,000 goes to Sergey Glazunov

6 comments

Google Chrome team were so proud and confident on the leading track records of their browser in past browser exploit challenges. This time the mighty browser has been breeched by a Russian security researcher Sergey Glazunov. He won $ 60,000 from Google as a reward at CanSecWest Pwnium Hacking contest. This year Pwnium contest is being run as an alternative to more popular Pwn2Own contest. Total $1 Million was offered for different categories . $60,000 for full Chrome exploit (Windows 7 User account persistence using the only bugs in Chrome), $40,000 for Partial Chrome Exploit (Windows 7 local OS user account persistence using  at lease a single bug in chrome plus other bugs) and $20,000 consolation reward for Windows 7 local OS user account persistence that does not use bugs in Chrome.

pwnium thumb Google Chrome Hacked  $60,000 goes to Sergey Glazunov

Sergey Glazunov targeted two zero day vulnerabilities in Chrome Extension Sub system.  Through this exploit a hacker can break into a Windows 7 machine (Even it is fully patched with latest updates) and execute the codes with the full permission of logged in user. Chrome was considered as the most secured browser due to its special sandboxed architecture that restricts the browser interaction with the OS. Here Glazunov targeted the holes in this sandbox structure. 

Sundar Pichai of Google says about this

“Congrats to long-time Chromium contributor Sergey Glazunov who just submitted our first Pwnium entry. Looks like it qualifies as a “Full Chrome” exploit, qualifying for a $60k reward. We’re working fast on a fix that we’ll push via auto-update. This is exciting; we launched Pwnium this year to encourage the security community to submit exploits for us to help make the web safer. We look forward to any additional submissions to make Chrome even stronger for our users.”



style=”display:inline-block;width:336px;height:280px”
data-ad-client=”ca-pub-6771269864674384″
data-ad-slot=”8343618572″>

  • Anubhab 03/08/2012, 10:27 PM Reply

    Security is elusive. It can never be reached, and no one is god in the internet world. :)

  • Pradeep Bhandari 03/10/2012, 11:32 AM Reply

    seriously google think them-self as a tees mar khan, now they eat the dust :P hats off to sergey :)

  • PVC stolarija 03/12/2012, 8:22 AM Reply
  • Naser @ Tech Blog 03/30/2012, 1:25 PM Reply

    Woah, finally some one hacked the browser by Search giant Google. Thanks for the infomation Sujith :)

  • Brady Kitson 06/01/2012, 10:23 PM Reply

    Today Anonymous hacked Facebook as well. I believe that anything which can be built can be demolished, in the sense that if a program/website is coded, a professional hacker can get into the system by playing around its code. I didn’t know that they organise such contests to actually hack into systems. But it makes sense as that way they get a tip about weaknesses in their respective system and can find ways to close down the loopholes for people who would want to hack them to cause harm to the system. It’s amazing what systems can do nowadays, but one must never forget that systems are built by people, and they take on their weaknesses. Great blog post Sujith!

Leave a Comment

*