Annual Hacker Competition sees researchers target Chrome

by Alistair Lowe on 12 March 2012, 10:13

Tags: Google (NASDAQ:GOOG), Microsoft (NASDAQ:MSFT)


It's that time again folks, the hosting of the Pwn2Own hacking contest.

This year has, for the first time, seen Google's Chrome browser fall almost immediately to two zero-day exploits, which had avoided discovery for the past three years. The exploits make use of a use-after-free bug to bypass typical protections such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR), combined with a second exploit that allows code to be executed outside the safety of the Chrome sandbox.

Though exact details of the hack were not revealed, it's strongly suspected to have gone via the bundled Adobe Flash plugin, surprise surprise, which requires a less stringent sandbox in order to function correctly.

Researchers this year paid specific attention to Google Chrome, as the browser had previously been seen as an impregnable fortress protecting web users. Shortly after the downfall of the previously undefeated king, the latest release of Internet Explorer 9, atop Windows 7 SP1, was likewise successfully hacked with two previously unknown exploits, with other browsers following suit throughout the event.

Researchers commented that it was easier to break free of the Internet Explorer 9 sandbox than that of Chrome, as it is both less restrictive and riddled with memory corruption bugs. It was pointed out, however, that the latest beta of IE 10 running in Protected Mode did come much closer to the security offered by Chrome and could pose some serious competition in the near future.

No doubt both Google and Microsoft will be rushing to implement a few fixes into their next releases.



HEXUS Forums :: 4 Comments

According to what I've seen elsewhere Google moved very quickly to plug one of those holes - e.g. see http://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-update.html
Nice to know that the Chrome team are continuing to take security seriously.
crossy
According to what I've seen elsewhere Google moved very quickly to plug one of those holes - e.g. see http://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-update.html
Nice to know that the Chrome team are continuing to take security seriously.

Indeed, I remain a strong fan.
Rapid patching is great to see but you have to wonder whether this is regular practice or was rushed out because of the PR implications.

I've often been tempted by Chrome but haven't been able to shake the Opera habit yet (if you haven't seen their potato gun YouTube video you should).
lkarunan
Rapid patching is great to see but you have to wonder whether this is regular practice or was rushed out because of the PR implications.
Looking at past practice (and I'm not sure Scribe will disagree) seems to show that the Chrome team are pretty much on the ball. As to the PR implications, there doesn't seem to have been much fanfare about the update, so I'd suspect that they're just wanting to “do it right”.

Certainly the Security Now! podcast folks (Leo Laporte and Steve Gibson) seem to like Chrome.