Google Chrome Hacked In Minutes During Pwn2Own Contest
Google Chrome was hacked on Wednesday by a group participating in a CanSecWest gathering.
The hack came during the Pwn2Own contest as Team Vupen exploited a security hole that allowed them to take control of the browser in just five minutes.
For their efforts the group will receive a $60,000 prize, part of which will be provided by Google.
Team Vupen will also receive 32 points in an on-going contest meant to show exploits in popular software. The team has already discovered two more vulnerabilities in other software at the conference.
While details of the exploit were not revealed the group says it was a zero-day exploit that allowed them to escape Google sandboxing and then run code across the entire Google Chrome browser platform.
The hack was prepared in advance of the contest after Google added more money to the hacking pool which likely enticed the group to target the Google Chrome browser.
Google has long claimed that its Google Chrome browser is the safest on the market and now it has fallen to the same Pwn2Own contest that claimed Apple’s Safari as a victim in the past.
Google was the first company to implement sandboxing which stops an exploit from spreading to other browser tabs and browser plugins.
Most browsers now offer some type of sandboxing for tabs and plugins to help prevent massive exploits from occurring.
The exploit will be addressed by the Google Chrome team in order to ensure no future attacks can not use the same approach.
Do you think Google’s approach to finding exploits will inevitably help them avoid major breaches of security by having hacking initiatives find problems before they are discovered independently.