Hacker scoops $ 60,000 for Chrome hack

Google responded within hours to update - "Pinky Pie" succeeds for the second time full hack



Google  praised for several years from various rewards for the detection of security vulnerabilities in Chrome browser, a concept that has so far proved to be very successful, you could use the community but already detect many errors and repair. Pwnium with you in the spring for the first time announced a separate chopping competition, now there was its successor - and again the Chrome could be cracked.

Repetition

As early as the spring  succeeded  one acting under the pseudonym "Pinky Pie" hackers trick the security mechanisms of Chrome, and thus to obtain from outside access to the local system. Compared to the first hack - in which six bugs were used in series - the attack vector was almost simple: First, a fault of the Webkit rendering engine in the processing of SVG images exploited to break out of the rendering process. After that, however, was still a second exploit needed to overcome the sandbox of Chrome can, this use was a bug in the interprocess communication of the browser.

Purse

As for the hacker's attack served only gaps in Chrome itself, he could also secure the maximum prize money for themselves - $ 60,000 change order to the owner. Overall, Google had provided U.S. $ 1,000,000 prize money for Pwnium second Most of this prize money, the company can now take home with you, except for "Pinky Pie" no one could perform a successful hack.

Reaction

At least as impressive as the hack itself, however, is the response time of Google: Within just 10 hours, the company has two security holes  closed  and delivered a new update for the stable version of the browser.

Browser Hacking ~ Google Chrome

See All Posts From