Tag Archives: Pwn2Own

$1 Million Reward Offered by Google for Finding Exploits in Chrome

Google has offered a total of $1 million for hackers in the Pwn2Own hacker contest if they find security exploits in their Chrome browser, the company’s security team announced. In its sixth year of running, the Pwn2Own contest has seen vulnerabilities being exposed for fully patched and functional browsers such as Internet Explorer and Safari. However, no hacker group has tried aiming at Chrome, especially since it is well protected behind a sandbox.

Google stated that the rewards, awarded on a first-come, first-served basis to anyone who can demonstrate the exploit, will be tiered, with $60,000 for a full-browser exploit, $40,000 for a partial exploit and $20,000 as a consolation reward:

$60,000 – “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.
$40,000 – “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.
$20,000 – “Consolation reward, Flash / Windows / other”: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. Although not specifically Chrome’s issue, we’ve decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer.

The rewards will be paid out until the $1 million mark is reached, and the winners will also receive a Chromebook (yay!). However, Google withdrew from sponsoring Pwn2Own this year after learning that contestants are not required to disclose the entire exploit to vendors.

Originally, our plan was to sponsor as part of this year’s Pwn2Own competition. Unfortunately, we decided to withdraw our sponsorship when we discovered that contestants are permitted to enter Pwn2Own without having to reveal full exploits (or even all of the bugs used!) to vendors.

Google Funded Browser Research Claims Chrome is Most Secure, Firefox is Least!

Google has recently funded a research study that identified Chrome as the most secure web browser and Firefox as the least secure. The study was carried out by the reputable security firm Accuvant, which counts Charlie Miller among its Research Consultants. Charlie Miller was the first to find vulnerabilities in the iPhone and the Android G1, and he has won the CanSecWest Pwn2Own contest for the last four years. That makes him well qualified for this kind of research.

This research puts Google Chrome, which has remained unbeaten at Pwn2Own, at the top. Google funded this research knowing that Chrome would emerge at the top. So what was the real objective of this research? Of course, it was not about re-establishing known facts. This research was aimed straight at Firefox.

Firefox has been the browser of choice for a majority of people. When Google Chrome started out, Firefox had a decisive share of users. Now that Google Chrome is rising and has overtaken Firefox, Firefox is no more than a threat to Google Chrome. The only reason for conducting this research was to try to get people off the Firefox bandwagon. With most of the Internet using Google Chrome, Google would have decisive control over the way people use the Internet.

The browser-security comparison results are available at this page with the following description:

The Accuvant LABS research team completed an extensive security evaluation of the three most widely used browsers Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer to determine which browser best secures against attackers. The team used a completely different and more extensive methodology than previous, similar studies. They compared browsers from a layered perspective, taking into account security architecture and anti-exploitation techniques.

Accuvant has also pointed out areas where Firefox can improve its code base. Mozilla's Director of Engineering, Jonathan Nightingale, has responded to the research, saying:

Firefox includes a broad array of technologies to eliminate or reduce security threats, from platform level features like address space randomization to internal systems like our layout frame poisoning system. Sandboxing is a useful addition to that toolbox that we are investigating, but no technology is a silver bullet. We invest in security throughout the development process with internal and external code reviews, constant testing and analysis of running code, and rapid response to security issues when they emerge. We’re proud of our reputation on security, and it remains a central priority for Firefox.

Google Is Ready To Bet $20K on Chrome the Web Browser, Not the Chrome OS Powered CR-48 Notebook

Google is keen on betting huge amounts on its secure and sandboxed Google Chrome web browser. The hackathon at Pwn2Own has seen the Google Chrome web browser enter as a contender with prize money worth $20,000 and a CR-48 notebook, all from Google.

Given its success last year, Google is keen to see whether anyone can find a flaw in Chrome's sandbox this year. Breaking the browser also requires breaking the underlying sandbox, and this amount of prize money will certainly attract some enthusiasts. Browser vendors are also in the habit of fixing security bugs at the last minute, so relying on a single unpatched bug is a risky strategy and it is best to do a thorough investigation beforehand.

PC World has cleared up the rumors regarding the bounty, writing:

There are some false reports that Google is offering the bounty for successfully cracking its Chrome OS-based CR-48 notebook. The Google CR-48 notebook will be awarded along with the $20,000 for a successful attack against the Chrome Web browser, but the Pwn2Own info clearly states that the notebook is merely a prize. There will be no attacks mounted against the Chrome OS, and the target Chrome Web browser will actually be running on the latest 64-bit release of either Windows 7 or Mac OS X.

This year, Google Chrome will probably record a third year of being uncrackable. Its sandbox has been widely praised: it confines scripts so that they cannot touch the disk. This offer by Google is the largest ever made by a Pwn2Own participant.

While browsers like Internet Explorer are catching up in security, others like Safari have a reputation of being cracked instantaneously.

(Image: modmyi.com)

Firefox 3.6.3 Patches Pwn2Own Flaw, Back to Security

Mozilla has released a quick update to its flagship Firefox browser. Release 3.6.3 fixes the security flaw exploited at the Pwn2Own contest. The flaw discovered at Pwn2Own directly affected only Firefox 3.6 and later versions.

The Mozilla security advisory describes the flaw as follows:

A memory corruption flaw leading to code execution was reported by security researcher Nils of MWR InfoSecurity during the 2010 Pwn2Own contest sponsored by TippingPoint’s Zero Day Initiative. By moving DOM nodes between documents Nils found a case where the moved node incorrectly retained its old scope. If garbage collection could be triggered at the right time then Firefox would later use this freed object.

This flaw was addressed on April 1st, 2010 by Nils, who is himself a security researcher. Mozilla has been quick to respond to this zero-day exploit. Exploiting the flaw was a big challenge in itself, it being a zero-day flaw.

To get the latest secure version of Firefox, which includes the fix for this flaw, go to Help -> Check for Updates and install the latest suggested release.

Pwn2Own Hackfest: Day One Déjà vu

Day one of Pwn2Own has just ended, and the results gave me a sense of déjà vu. Browsers started falling, beginning with Safari on Snow Leopard, followed by Internet Explorer 8 and Firefox 3. The Safari hack was once again claimed by Charlie Miller, this time for the third year in a row. Peter Vreugdenhil broke into Internet Explorer 8 on Windows 7, and both the Safari and Internet Explorer attacks were carried out through remote code execution.

Firefox 3 was hacked on 64-bit Windows 7 by Nils, a German computer science student. He is also a familiar face, having successfully hacked Firefox, Safari and Internet Explorer at last year’s Pwn2Own.

In the midst of all this hacking and remote code execution, one browser was left untouched: Google Chrome. Nobody even attempted to hack Google Chrome because of its sandboxed environment. Charlie Miller, winner at last year’s Pwn2Own, explains why Google Chrome held up, saying:

There are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. They’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things — you can’t execute on the heap, the OS protections in Windows and the Sandbox.

The winners, that is, the successful hackers, won a sum of $10,000 and the hacked system as a prize. Even though Firefox and Internet Explorer had applied security patches just before the start of the hackfest, they were not spared.

[Via: neowin]