Skip to main content

Russian works around sandbox to pull off Chrome exploit

posted onMarch 9, 2012
by l33tdawg

A security researcher based in Russia pocketed a cool $60,000 from Google on Wednesday after he submitted a a "full exploit" for a vulnerability in the difficult-to-compromise Chrome browser.

The winning entry was part of the inaugural Pwnium contest, in which Google is offering up to $1 million in prizes for bug hunters who can find a way to defeat its browser's much-vaunted sandbox architecture. The competition occurs at the annual CanSecWest security conference in Vancouver, British Columbia and coincides with the well-known Pwn2Own contest, run by HP TippingPoint.

The only Pwnium victor so far has been Sergey Glazunov, a student who is a longtime contributor to Chromium and a winner of multiple bug bounties from the tech giant. He wrote the winning exploit for a fully patched Windows 7 machine that could be remotely executed if a victim simply visits a compromised website. Google patched the flaw Thursday and was auto-updating users' browsers with a new version.

Source

Tags

Hacker Russia Chrome Google Security Pwn2Own

You May Also Like

Recent News

Thursday, May 17th

Monday, May 14th

Tuesday, May 8th

Saturday, May 5th

Thursday, May 3rd

Wednesday, May 2nd

Tuesday, May 1st

Friday, April 27th