Hackers Rejoice, Google Chrome Fails Twice

By | March 8, 2012

Hackers Rejoice, Google Chrome Fails TwiceSecurity contests prove to be useful.

Just as some might have thought that Google’s Chrome sandboxing feature is bullet proof, Sergey Glazunov, a security researcher who have found quite a few vulnerabilities in the fast, has enriched his life with a $60k reward, received for a “Full Chrome” exploit, which bypassed the sandbox feature. Although Google Chrome was previously known to withstand various attacks in Pwn2Own and similar contests, this time it was the first to fail.

Justin Schuh, Chrome’s security team member said, “It was an impressive exploit. It required a deep understanding of how Chrome works. This is not a trivial thing to do. It’s a very difficult and that’s why we’re paying $60,000.”

The second exploit was executed by a team from VuPen Security, which took about 6 weeks to write and test. According to Chaouki Bekrar, the co-founder of VuPen Security, they wanted to demonstrate that Chrome not as unbreakable as some might have though.

While details about exploits were not revealed, he said, “We had to use two vulnerabilities. The first one was to bypass DEP and ASLR on Windows and a second one to break out of the Chrome sandbox. It was a use-after-free vulnerability in the default installation of Chrome [which] worked against the default installation so it really doesn’t matter if it’s third-party code anyway.”

[Thanks to everyone who sent this]

[Via i-programmer]

About (Author Profile)

Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.

Comments (13)

Trackback URL | Comments RSS Feed

  1. Guest01 says:

    This is written in 2nd grade English.

    • Shane Bundy says:

      3 mistakes and you say it’s “2nd grade English?”

      • Anonymous says:

        No one expects high level English in the comments section, since people are posting from all over the world, but the articles section of a site that strives to be appreciated and informative should be subjected to at least the most basic level of spellchecking.

        ” they wanted to demonstrate that Chrome not as unbreakable as some might have though.”
        That’s not really academic level :)

        • Shane Bundy says:

          For as long as I can understand what it says I’m happy. :)

          Why can’t we have ranters on the case of Windows 8 being a flop instead of puny typos and spelling errors?

          • Anonymous says:

            One windows 8 hasn’t been fully released yet.

            Two: Who gives two shits what you say. Live with your outdated software. They are trying something new and risks come with that. If people didn’t take risks, we wouldn’t evolve 

          • Shane Bundy says:

            PMS problems, I see. Cool off and re-read what I said.

            I’ll have to geekify myself on Linux if I want it to work the way I’d like it to. Who said I was going to stay on Windows 7?

            Sadly, Metro IS a flop on desktop. Ask anyone who’s aware of Windows 8 and ask them if they’d want it on their desktop. Don’t be surprised at their answers.

  2. Guest says:

    Wow!! thats a good hack. Find all the vulnerable in all browsers and make everyone safe.

  3. I dont think Chrome was ever unbreakable, the thing is noone was really trying.

    • Shane Bundy says:

      I think it was last year that the guy who was supposed to defeat Chrome failed to turn up. IMO Chrome’s security is overexaggerated and is probably as safe as Firefox.

  4. adumpaul says:

    Not easy to stop Hacker.

  5. Anonymous says:

    Change title to “Nerds Rejoice”