Google Chrome Falls Twice to Hack Challenges

As usual, Google prepped the browser with more than a dozen last-minute fixes just prior to the hacking contest, but that did not save Chrome from two successful cracks.

Security expert Sergey Glazunov compromised Chrome's sandbox with a zero-day exploit. He won Google's Pwnium prize for a full Chrome exploit under Windows 7 and collected a $60,000 reward. Security company Vupen also succeeded in cracking Chrome shortly after Glazunov had announced his exploit. The quick fall of Chrome may have been bad PR for Google, but the company was quick to issue a patch that fixes the vulnerability in the stable version of Chrome, which now carries the version number 17.0.963.78.

Vupen's reward is unclear at this time. The company said that it is considering participation in the Pwn2own contest at CanSecWest with exploits for all major browsers.

    Top Comments
  • why bad pr....

    bad pr would be an exploit from last year still doable this year.
    28
  • very fast patching. great job google!
    26
  • drwho1: In my experience with this browser, it is very vulnerable to VIRUSES. Most of them are TROJANS and most of that (at least on my experience) have been thru JAVA exploits. When I re-installed Windows 7 64bit I simply avoided (a have not installed) anything that would "require" JAVA to run thus eliminating a lot of unnecessary risks. Still, I got a virus after that and it was another Trojan (and I'm 100% certain) that it was thru this browser. The truth is that sadly there will always be some moron (very intelligent moron) that will be creating some new way to harm others. Staying away of known (even if look friendly) or especially if they look "too friendly" and "helpful" because most times than not, that's precisely how these threats are masked.


    You can't really blame chrome for someone using java exploits.
    16
  • Other Comments
  • I agree with alidan.
    It's kinda like the NASA approach. If we fail, we fail very publicly; and then fix the problem.

    The bad part is not having a bug or vulnerability in a piece of software (with the size and complexity of today's programs that's virtually unavoidable) but taking forever to admit it is there (as advised by In-House counsel my guess) and then taking even longer to fix it.

    Take any version of Windows for example :-)
    4