Russian university student Sergey Glazunov was able to hack into a secure Windows 7 machine using a remote code execution exploit in Google’s Chrome web browser in five minutes, ZDNet reported Wednesday. The exploit was found during CanSecWest’s Pwnium hacker contest, a competition similar to the popular Pwn2Own contest. Google offered a total of $1 million dollar in prize money to hackers who could exploit the company’s Chrome web browser. Glazunov was rewarded $60,000 for his exploit, which found a way around Chrome’s sandbox using vulnerabilities in the extension system. “It didn’t break out of the sandbox [but] it avoided the sandbox,” said Justin Schuh, a member of the Chrome security team. “It was an impressive exploit. It required a deep understanding of how Chrome works. This is not a trivial thing to do.” At Pwn2Own, the VUPEN team was able to hack all four major browsers — Google Chrome, Microsoft Internet Explorer, Apple Safari and Mozilla Firefox — with Chrome, which was hacked within five minutes, being the first to fall. This is the first time in four years at the competition that Google’s web browser has been hacked. The company is already working on an update that will fix the vulnerabilities uncovered at Pwnium and Pwn2Own. More →
A new research report from Chitika Insights suggests Chrome, Firefox and Safari are eating away at Microsoft’s dominant share of the web browser market. Internet Explorer’s overall share dropped from 56% in July to 54% in August while Firefox’s market share increased from 19% to 20% and Safari’s share grew one point to 9%. Between July 2010 and July 2011, however, Microsoft’s browser share remained steady at 56%. Google’s Chrome web browser saw its share increase from 9% to 16% year-over-year at the expense of Firefox and Safari, which lost 5% and 1% of the market, respectively. Chitika said it expects Firefox’s share to increase as Mozilla continues to release frequent updates to its web browser. In addition, Internet Explorer’s share will “stabilize from its recent losses” when Microsoft releases Windows 8 and Internet Explorer 10. More →
Amazon launched its new Kindle Cloud Reader service on Wednesday that provides users with access their Kindle library using Chrome or Safari on Mac, PC, Linux and the Chromebook. Kindle Cloud Reader is also optimized for the iPad and offers a caching feature for offline reading. To get started, simply navigate to http://read.amazon.com and install the small required plug-in. We gave the service a quick run this morning and were impressed by how fast it loaded our eBook library. We definitely still prefer the standalone app on the iPad, but we’re sure Amazon created this option as a loophole to get around Apple’s iTunes App Store rules. Don’t use Safari or Chrome? Amazon still has you covered with its Kindle for PC client. Read on for the full press release. More →
Research firm Net Applications released its most recent browser share trend report on Monday. The latest information suggests that adoption of the Chrome web browser slowed slightly, possibly due to an increase in Safari’s popularity. Chrome had a 13.45% market share during the month of July, up .34 percentage points from the 13.11% share it had in June. Between May and June, however, Chrome’s market share increased .59 percentage points. Apple’s Safari web browser had a 8.05% share of the web browser market during July, up .57 percentage points from June. Despite declines in market share, Internet Explorer and Firefox remain the two most popular browser options with a 52.81% and 21.48% share of the market, respectively. Opera has a 1.65% grip on the market and other browser options are responsible for 2.56% collectively. More →
Amazon updates Cloud Drive and Cloud Player with unlimited music space, free storage for Amazon MP3s, iPad web player
Moments ago Amazon announced that it has made a number of enhancements to its Amazon Cloud Drive and Cloud Player services. First — for a limited time — anyone who signs up will get unlimited space for music. That includes users who signs up for the minimum $20/year 20GB plan. Second, Amazon has announced that Cloud Drive customers can now store all MP3s purchased from the Amazon MP3 music store for free — that includes those that were bought before Amazon launched the Cloud Drive and Cloud Player services, and your tunes don’t count against the overall storage count. Finally, Amazon announced that its Cloud Player for Web is now available on the iPad, and that it’s been optimized for use with the Safari browser. Simply visit http://www.amazon.com/cloudplayer from your iPad to get started. Hit the jump for the full press release. More →
Web-based jailbreak tool Jailbreakme.com is back, and jailbreaking your iPhone, iPad or iPad touch has never been easier. How easy is it, you ask? Simply navigate to jailbreakme.com in Safari on your iOS device and then follow the on-screen instructions. Within seconds, you’ll be on your way to sporting an open iDevice. What’s more, JailbreakMe 3.0 is the first widely available tool to feature support for the iPad 2 (running iOS 4.3.3), so tablet owners will undoubtedly be excited about that. The service also supports every other iOS device other than Apple TV: iPad (iOS 4.3+), iPhone 3GS (iOS 4.3+), GSM iPhone 4 (iOS 4.3+), CDMA iPhone 4 (iOS 4.2.6+) and third or fourth-gen iPod touch (iOS 4.3+). Developer betas of iOS 5 are not supported. Remember to back up with iTunes before jailbreaking and, of course, proceed at your own risk. More →
Break out your tin foil hats, people — they’re out to get you. Apple finally issued a statement on Wednesday regarding the recent uproar over iOS devices tracking their owners’ locations, but a new report from The Wall Street Journal will ensure that consumers can continue to cry foul. According to the WSJ, Apple and Google both track users’ locations not only using mobile devices, but also using computers. Apple allegedly collects location information each time its Mac computers scan for wireless networks, and Google is said to collect location data from Wi-Fi connected computers that use its Chrome browser or its search toolbar plug-in with other browsers. The report notes that it is unclear how Apple and Google use this data, and it says in “most cases” the location tracking services are opt-in. More →
During Microsoft’s MIX conference in Las Vegas, Windows Phone director Joe Belfiore took the stage to demonstrate how well Microsoft’s new Internet Explorer 9 mobile browser can render HTML5 websites. He fired up a device running Microsoft’s new Windows Phone “Mango” update with IE9 installed and hardware acceleration, and then started an HTML5 speed test pitting the Mango device against the iPhone 4 and the Google Nexus S. Belfiore was so confident in the new browser that he gave the iPhone 4 a head start. Nonetheless, IE9 loaded the demo faster and came out on top, having displayed the test at 20 frames per second. It was followed by the Android browser on the Nexus S, which rendered the same demo at 11 frames per second, and then the iPhone 4 at 2 frames per second. This wasn’t exactly an independent test given that it was preformed by Microsoft and likely under optimal conditions, but we are definitely still impressed with what we’ve seen so far — let’s just hope the update to Mango goes a bit smoother than NoDo. Hit the jump for the video comparison. More →
Apple’s iPad 2 just launched on Friday but you’d be hard-pressed to find a single iPad 2 in stores. Virtually every Apple store, AT&T store, Verizon Wireless store, Best Buy, Target, and Walmart are sold out, and Apple’s online store is showing shipping times of up to one month — but we have you covered! We have an iPad 2 we’re giving away in typical BGR fashion, so you can FaceTime, GarageBand-create, iMovie-edit, and Safari-surf to your heart’s content. The model that’s up for grabs is a 64GB AT&T (3G) black iPad 2. Here are the contest rules!
- To enter, drop a comment below letting us know why you should be the lucky winner of an iPad 2 that you can’t get anywhere else. Would it be your first Apple device? Did you get one of those $99 Android tablets and regret it ever since? Break it down for us!
- Like us on Facebook and follow us on Twitter if you have accounts
- The giveaway will run for one week until March 21st, at 11:59PM ET
- The contest is open to everyone 18 years of age or older, and it is in an international contest — that’s right — if you’re reading this, there’s a good chance you’re eligible.
Add Apple’s iOS and Research In Motion’s BlackBerry OS to the list of victims at this year’s Pwn2Own challenge. Conference veteran Charlie Miller, along with Dion Blazakis, deployed an exploit to iOS 4.2.1 through a vulnerability in Safari. By navigating to a custom-made webpage, the duo were able to execute remote code and gain access to the iOS address book. Vincenzo Iozzo, Willem Pinckaers, and Ralf Philipp Weinmann also utilized a WebKit-based vulnerability to take down a BlackBerry Torch running BlackBerry OS 188.8.131.52. The three researchers noted that the exploit used on the BlackBerry’s mobile OS was difficult to craft due to the lack of documentation, software tools, and resources available. They also noted that most of the operating systems security was achieved via obscurity, and stated that the company was “way behind the iPhone at the moment, from a security perspective.” No conference participants have yet to challenge Google’s Android or Microsoft’s Windows Phone 7 operating systems. More →