Skip to main content

Russian works around sandbox to pull off Chrome exploit

posted onMarch 9, 2012
by l33tdawg

A security researcher based in Russia pocketed a cool $60,000 from Google on Wednesday after he submitted a a "full exploit" for a vulnerability in the difficult-to-compromise Chrome browser.

The winning entry was part of the inaugural Pwnium contest, in which Google is offering up to $1 million in prizes for bug hunters who can find a way to defeat its browser's much-vaunted sandbox architecture. The competition occurs at the annual CanSecWest security conference in Vancouver, British Columbia and coincides with the well-known Pwn2Own contest, run by HP TippingPoint.

The only Pwnium victor so far has been Sergey Glazunov, a student who is a longtime contributor to Chromium and a winner of multiple bug bounties from the tech giant. He wrote the winning exploit for a fully patched Windows 7 machine that could be remotely executed if a victim simply visits a compromised website. Google patched the flaw Thursday and was auto-updating users' browsers with a new version.



Hacker Russia Chrome Google Security Pwn2Own

You May Also Like

Recent News

Tuesday, March 20th

Monday, March 19th

Friday, March 16th

Thursday, March 15th

Wednesday, March 14th

Tuesday, March 13th