Major Google Chrome vulnerability fixed in 24 hours

By on March 9, 2012 at 3:50 PM.

On Wednesday, a Russian hacker discovered a vulnerability in Google’s Chrome web browser during CanSecWest’s Pwnium hacker contest. It was the first time in four years at the competition that Chrome was hacked, and for his efforts, Sergey Glazunov was rewarded with $60,000. Less than 24 hours after the exploit was brought to Google’s attention, the search giant released an update fixing the vulnerability. “The Chrome Stable channel has been updated to 17.0.963.78 on Windows, Mac, Linux and Chrome Frame,” Google wrote on its Chrome update blog. “This release fixes issues with Flash games and videos, along with the security fix listed below.” Glazunov’s vulnerability is described as an “UXSS and bad history navigation” issue; however, no other details were given.

Major Google Chrome vulnerability uncovered by hacker at Pwnium contest

By on March 8, 2012 at 5:20 PM.

Russian university student Sergey Glazunov was able to hack into a secure Windows 7 machine using a remote code execution exploit in Google’s Chrome web browser in five minutes, ZDNet reported Wednesday. The exploit was found during CanSecWest’s Pwnium hacker contest, a competition similar to the popular Pwn2Own contest. Google offered a total of $1 million in prize money to hackers who could exploit the company’s Chrome web browser. Glazunov was awarded $60,000 for his exploit, which found a way around Chrome’s sandbox using vulnerabilities in the extension system. “It didn’t break out of the sandbox [but] it avoided the sandbox,” said Justin Schuh, a member of the Chrome security team. “It was an impressive exploit. It required a deep understanding of how Chrome works. This is not a trivial thing to do.” At Pwn2Own, the VUPEN team was able to hack all four major browsers — Google Chrome, Microsoft Internet Explorer, Apple Safari and Mozilla Firefox — with Chrome, which was hacked within five minutes, being the first to fall. This is the first time in four years at the competition that Google’s web browser has been hacked. The company is already working on an update that will fix the vulnerabilities uncovered at Pwnium and Pwn2Own.
