Skip to main content

Russian works around sandbox to pull off Chrome exploit

posted onMarch 9, 2012
by l33tdawg

A security researcher based in Russia pocketed a cool $60,000 from Google on Wednesday after he submitted a a "full exploit" for a vulnerability in the difficult-to-compromise Chrome browser.

The winning entry was part of the inaugural Pwnium contest, in which Google is offering up to $1 million in prizes for bug hunters who can find a way to defeat its browser's much-vaunted sandbox architecture. The competition occurs at the annual CanSecWest security conference in Vancouver, British Columbia and coincides with the well-known Pwn2Own contest, run by HP TippingPoint.

The only Pwnium victor so far has been Sergey Glazunov, a student who is a longtime contributor to Chromium and a winner of multiple bug bounties from the tech giant. He wrote the winning exploit for a fully patched Windows 7 machine that could be remotely executed if a victim simply visits a compromised website. Google patched the flaw Thursday and was auto-updating users' browsers with a new version.

Source

Tags

Hacker Russia Chrome Google Security Pwn2Own

You May Also Like

Recent News

Monday, December 18th

Sunday, December 17th

Friday, December 15th

Thursday, December 14th

Wednesday, December 13th