Teenager Wins $60,000 at Pwnium 2 by Hacking Google Chrome
By on October 11th, 2012

The second installment of Google’s hacking fest Pwnium has just wrapped up, and once again Google Chrome’s security features were successfully bypassed. Earlier this year, Chrome fell for the first time when VUPEN managed to exploit Chrome within five minutes at the first installment of Pwnium. During the same event, two more hackers – Pinkie Pie and Sergey Glazunov, managed to humble Chrome and bag the top award of $60,000.

Google-Chrome-PwniumThe second edition of Pwnium was organized as a part of the ‘Hack in the Box 2012′ security conference held in Kuala Lumpur. This time around, Chrome’s sandboxing mechanism was defeated by exploiting two flaws – an “SVG use-after-free” and an “IPC arbitrary write”. The exploiter was once again Pinkie Pie. Since his exploit depended entirely on bugs within Chrome to achieve arbitrary code execution, it qualified for Google’s highest award level as a “full Chrome exploit”, and won him $60,000 and a free Chromebook.

Detailed explanation of the bugs leveraged by Pinkie Pie is still not available. However, the good news is that Google has already patched the vulnerability, so even if you use Chrome, you are safe. Google deserves a round of applause for not only encouraging the security community to discover bugs in Chrome, but also for patching the vulnerability in less than twelve hours after its disclosure.

Tags: , , ,
Author: Pallab De Google Profile for Pallab De
Pallab De is a blogger from India who has a soft spot for anything techie. He loves trying out new software and spends most of his day breaking and fixing his PC. Pallab loves participating in the social web; he has been active in technology forums since he was a teenager and is an active user of both twitter (@indyan) and facebook .

Pallab De has written and can be contacted at pallab@techie-buzz.com.

Leave a Reply

Name (required)

Website (optional)

 
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN