The new year is barely two months old and it's already been a brutal one for the disclosure of new vulnerabilities. Java, Adobe Reader, Flash, Google Chrome and a number of other widely deployed applications have all been hit with a slew of serious bugs in just the last few weeks. And that's likely to get worse this week as researchers convene in Vancouver for the Pwn2Own and Pwnium hacking contests.
At a Google-run competition in Vancouver last month, the search giant’s famously secure Chrome Web browser fell to hackers twice. Both of the new methods used a rigged website to bypass Chrome’s security protections and completely hijack a target computer. But while those two hacks defeated the company’s defenses, it was only a third one that actually managed to get under Google’s skin.
A security researcher based in Russia pocketed a cool $60,000 from Google on Wednesday after he submitted a a "full exploit" for a vulnerability in the difficult-to-compromise Chrome browser.
The winning entry was part of the inaugural Pwnium contest, in which Google is offering up to $1 million in prizes for bug hunters who can find a way to defeat its browser's much-vaunted sandbox architecture. The competition occurs at the annual CanSecWest security conference in Vancouver, British Columbia and coincides with the well-known Pwn2Own contest, run by HP TippingPoint.
Microsoft’s Internet Explorer 9 browser has fallen.
A team of French researchers exploited two different IE zero-day flaws to break into a fully patched Windows 7 SP1 machine and take an almost unassailable lead in this year’s CanSecWest Pwn2Own competition.
Charlie Miller won’t be defending his Pwn2Own hacking crown this year.
Miller, a Pwn2Own regular who makes headlines every year for his work breaking into fully patched Mac OS X machines, says he is skipping the contest this year because of the new rules that require on-the-spot writing of exploits.
