Hackers Rejoice, Google Chrome Fails Twice

By | March 8, 2012 | 13 Comments

Hackers Rejoice, Google Chrome Fails TwiceSecurity contests prove to be useful.

Just as some might have thought that Google’s Chrome sandboxing feature is bullet proof, Sergey Glazunov, a security researcher who have found quite a few vulnerabilities in the fast, has enriched his life with a $60k reward, received for a “Full Chrome” exploit, which bypassed the sandbox feature. Although Google Chrome was previously known to withstand various attacks in Pwn2Own and similar contests, this time it was the first to fail.

Justin Schuh, Chrome’s security team member said, “It was an impressive exploit. It required a deep understanding of how Chrome works. This is not a trivial thing to do. It’s a very difficult and that’s why we’re paying $60,000.”

The second exploit was executed by a team from VuPen Security, which took about 6 weeks to write and test. According to Chaouki Bekrar, the co-founder of VuPen Security, they wanted to demonstrate that Chrome not as unbreakable as some might have though.

While details about exploits were not revealed, he said, “We had to use two vulnerabilities. The first one was to bypass DEP and ASLR on Windows and a second one to break out of the Chrome sandbox. It was a use-after-free vulnerability in the default installation of Chrome [which] worked against the default installation so it really doesn’t matter if it’s third-party code anyway.”

[Thanks to everyone who sent this]

[Via i-programmer]

About (Author Profile)

Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and departed Westood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.

  • Guest01

    This is written in 2nd grade English.

    • http://twitter.com/bricky149 Shane Bundy

      3 mistakes and you say it’s “2nd grade English?”

      • Anonymous

        No one expects high level English in the comments section, since people are posting from all over the world, but the articles section of a site that strives to be appreciated and informative should be subjected to at least the most basic level of spellchecking.

        ” they wanted to demonstrate that Chrome not as unbreakable as some might have though.”
        That’s not really academic level :)

        • http://twitter.com/bricky149 Shane Bundy

          For as long as I can understand what it says I’m happy. :)

          Why can’t we have ranters on the case of Windows 8 being a flop instead of puny typos and spelling errors?

          • Anonymous

            One windows 8 hasn’t been fully released yet.

            Two: Who gives two shits what you say. Live with your outdated software. They are trying something new and risks come with that. If people didn’t take risks, we wouldn’t evolve 

          • http://twitter.com/bricky149 Shane Bundy

            PMS problems, I see. Cool off and re-read what I said.

            I’ll have to geekify myself on Linux if I want it to work the way I’d like it to. Who said I was going to stay on Windows 7?

            Sadly, Metro IS a flop on desktop. Ask anyone who’s aware of Windows 8 and ask them if they’d want it on their desktop. Don’t be surprised at their answers.

  • Guest

    Wow!! thats a good hack. Find all the vulnerable in all browsers and make everyone safe.

    • http://twitter.com/bricky149 Shane Bundy

      Guest01 might accuse you of “2nd grade English” since they believe they are the Oxford Dictionary of the Interwebs. :P

  • http://hector-macias.blogspot.com Hector Macias Ayala

    I dont think Chrome was ever unbreakable, the thing is noone was really trying.

    • http://twitter.com/bricky149 Shane Bundy

      I think it was last year that the guy who was supposed to defeat Chrome failed to turn up. IMO Chrome’s security is overexaggerated and is probably as safe as Firefox.

  • adumpaul

    Not easy to stop Hacker.

  • Anonymous

    Change title to “Nerds Rejoice”

    • http://twitter.com/bricky149 Shane Bundy

      Let me guess, nerds prefer Firefox to Chrome and they’d love news like this.