Click to Skip Ad
Closing in...

Major Google Chrome vulnerability uncovered by hacker at Pwnium contest

Updated Dec 19th, 2018 7:49PM EST
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Russian university student Sergey Glazunov was able to hack into a secure Windows 7 machine using a remote code execution exploit in Google’s Chrome web browser in five minutes, ZDNet reported Wednesday. The exploit was found during CanSecWest’s Pwnium hacker contest, a competition similar to the popular Pwn2Own contest. Google offered a total of $1 million dollar in prize money to hackers who could exploit the company’s Chrome web browser. Glazunov was rewarded $60,000 for his exploit, which found a way around Chrome’s sandbox using vulnerabilities in the extension system. “It didn’t break out of the sandbox [but] it avoided the sandbox,” said Justin Schuh, a member of the Chrome security team. “It was an impressive exploit. It required a deep understanding of how Chrome works. This is not a trivial thing to do.” At Pwn2Own, the VUPEN team was able to hack all four major browsers — Google Chrome, Microsoft Internet Explorer, Apple Safari and Mozilla Firefox — with Chrome, which was hacked within five minutes, being the first to fall. This is the first time in four years at the competition that Google’s web browser has been hacked. The company is already working on an update that will fix the vulnerabilities uncovered at Pwnium and Pwn2Own.

Read

Dan joins the BGR team as the Android Editor, covering all things relating to Google’s premiere operating system. His work has appeared on Fox News, Fox Business and Yahoo News, among other publications. When he isn’t testing the latest devices or apps, he can be found enjoying the sights and sounds of New York City.