
Google Chrome Falls Twice to Hack Challenges

By - Source: PCWorld

Chrome is generally perceived as a secure browser and has usually performed well when confronted with hack attacks at CanSecWest.

As usual, Google prepped the browser with more than a dozen last-minute fixes just prior to the hacking contest, but that did not save Chrome from two successful cracks.

Security expert Sergey Glazunov compromised Chrome's sandbox with a zero-day exploit. He won Google's Pwnium prize for a full Chrome exploit under Windows 7 and collected a $60,000 reward. Security company Vupen was also successful in cracking Chrome shortly after Glazunov had announced his exploit. The quick fall of Chrome may have been bad PR for Google, but the company was quick to issue a patch that fixes the vulnerability in the stable version of Chrome, which now carries the version number 17.0.963.78.

Vupen's reward is unclear at this time. The company said that it is considering participation in the Pwn2own contest at CanSecWest with exploits for all major browsers.

There are 23 Comments.
Top Comments
  • 26
    iceman1992 , March 9, 2012 11:11 PM
    very fast patching. great job google!
  • 28
    alidan , March 9, 2012 11:23 PM
    why bad pr....

    bad pr would be an exploit from last year still doable this year.
  • 15
    captaincharisma , March 10, 2012 12:18 AM
    this is not bad PR; by doing this they saved themselves from really bad PR down the road
  • 14
    rex86 , March 10, 2012 12:20 AM
    It's OK for a software to have some security weaknesses. It's NOT OK if those weaknesses are left unpatched.
  • 13
    mikeynavy1976 , March 10, 2012 12:28 AM
    This is already bad PR. The title of the story says it all. Instead of focusing on Google's immediate patching abilities, the media immediately calls them out. "Google Chrome Falls Twice to Hack Challenges" doesn't sound "positive". A lot of people know Google's strategy for offering money to challenging hackers to compromise their product so as to improve it. Many more will, without reading the article, hope or think that it is Google challenging that their product is invincible only to get nailed twice.
  • 14
    gm0n3y , March 10, 2012 12:30 AM
    freggo: I agree with alidan. It's kinda like the NASA approach. If we fail, we fail very publicly; and then fix the problem. The bad part is not having a bug or vulnerability in a piece of software (with the size and complexity of today's programs that's virtually unavoidable) but taking forever to admit it is there (as advised by In-House counsel my guess) and then taking even longer to fix it. Take any version of Windows for example :-)

    I agree. Having bugs is a natural part of software development. Recognizing them and fixing them is what's important.
  • 16
    anonymous@guest , March 10, 2012 12:40 AM
    drwho1: In my experience with this browser, it is very vulnerable to VIRUSES. Most of them are TROJANS and most of that (at least on my experience) have been thru JAVA exploits. When I re-installed Windows 7 64bit I simply avoided (a have not installed) anything that would "require" JAVA to run thus eliminating a lot of unnecessary risks. Still, I got a virus after that and it was another Trojan (and I'm 100% certain) that it was thru this browser. The truth is that sadly there will always be some moron (very intelligent moron) that will be creating some new way to harm others. Staying away of known (even if look friendly) or especially if they look "too friendly" and "helpful" because most times than not, that's precisely how these threats are masked.


    You can't really blame chrome for someone using java exploits.
  • 12
    JacekRing , March 10, 2012 12:48 AM
    drwho1: In my experience with this browser, it is very vulnerable to VIRUSES. Most of them are TROJANS and most of that (at least on my experience) have been thru JAVA exploits. When I re-installed Windows 7 64bit I simply avoided (a have not installed) anything that would "require" JAVA to run thus eliminating a lot of unnecessary risks. Still, I got a virus after that and it was another Trojan (and I'm 100% certain) that it was thru this browser. The truth is that sadly there will always be some moron (very intelligent moron) that will be creating some new way to harm others. Staying away of known (even if look friendly) or especially if they look "too friendly" and "helpful" because most times than not, that's precisely how these threats are masked.


    Google doesn't code Java you know....and you can disable Java completely in the browser in the settings. Go to Options -> Under The Hood -> Privacy -> Content Settings -> Java and select do not allow any site to run Java Script.

    But frankly, you are getting those Trojans because you visit too many free porn sites....(j/k)