You’ve got to hand it to Google. Only they could celebrate a significant flaw being found in their browser, costing them $60,000.
There have actually been two separate hacks of Chrome this week: one at the annual CanSecWest security conference and one announced through a Google bounty program.
You’ve got to hand it to Google. Only they could celebrate a significant flaw being found in their browser, costing them $60,000.
There have actually been two separate hacks of Chrome this week: one at the annual CanSecWest security conference and one announced through a Google bounty program.
That appears to be exactly what a Russian student named Sergey Glazunov (who has previously contributed to Chromium, the open source project behind the Chrome browser) has done, earning himself a $60,000 reward. Google says a fix is in the works and will be sent out via auto-update as soon as its ready. The company is putting a positive spin on the discovery, calling it “exciting” and saying it looks forward to more bugs being discovered.
In a weird piece of timing, the second confirmed full hack of Chrome came on the same day, this time at the CanSecWest’s Pwn2Own contest. In fact Chrome was the first browser to be violated at the event, with a team of hackers named Vupen using a specially created website to force Chrome’s calculator to run outside of the sandbox.
Vupen isn’t making the details of its successful hack public yet. It may be based on an exploit it submitted to Google that was turned down for the bounty program as it involved third-party code (thought to be Flash.)
It should be noted that Vupen members believe Chrome is still the most secure browser. It appears they picked it as a target because it seemed most likely that no other competitors would be trying out a similar solution.