Google Chrome hacked twice at Vancouver conference
By Emily Chung, CBC News
Posted: Mar 8, 2012 4:55 PM ET
Last Updated: Mar 8, 2012 7:06 PM ET
Hackers found and exploited two previously unknown security flaws in Google Chrome at a Vancouver IT security conference this week — the first time the browser has succumbed in such competitions.
The Pwn2Own and Pwnium competitions at the CanSecWest conference continue through Friday, but as of Wednesday, the first day of the competition, the Chrome browser had already taken a bit of a beating.
A team for Vupen Security managed to demonstrate a previously unknown security vulnerability in Chrome within the first five minutes of the Pwn2Own contest, organized by HP Tippingpoint, the contest said in a congratulatory tweet Wednesday.
"Google Chrome is probably one of the most secure browsers and it was a big challenge for us to defeat its sandbox protection and show that it can be fully compromised," Chaouki Bekrar, CEO of Vupen Security, said in an email Thursday.
He said his team made a web page that could be visited by a user on an updated Windows system and fully updated Chrome browser. The web page contained code capable of "bypassing all security protections" on the browser and executing a command on the user's computer.
The contest is in its fifth year at the conference, and this is the first time that Chrome has succumbed to the work of the IT security experts at the conference, said Aaron Portnoy, manager of security research at HP Tippingpoint. In previous years, security flaws have been found in other browsers.
Meanwhile, Sergey Glazunov, a longtime contributor to the Google Chrome security program, successfully demonstrated a "full Chrome exploit" while competing remotely in the Google-sponsored Pwnium contest, which is focused only on the Chrome browser. He qualified for $60,000 out of up to $1 million that Google has set aside for the competition, which is in its first year.
"This is exciting," Sundar Pichai, senior vice-president of Chrome, said in a posting on the Google Plus social network Wednesday afternoon.
Created its own contest
Google has previously sponsored Pwn2Own, but pulled out this year in favour of its own contest, saying it did so because it found contestants could enter without having to reveal all the details of their security exploits to vendors such as Google.
Bekrar said his company doesn't accept the requirement to report the entire code of its exploit.
According to Pwn2Own's Twitter feed, Google claims it has a way of blocking Vupen Security's new exploit "without having seen it."
As of Thursday afternoon, Google had not responded to a request for comment from CBC news.
The Pwn2Own contest also includes a challenge in which competitors try to exploit vulnerabilities that have already been patched in the latest versions of Firefox, Internet Explorer, Safari and Chrome browsers. Competitors gain points for each success.
As of Thursday, Vupen Security managed to succeed in two challenges each for Internet Explorer and Safari, as well as one for Firefox and looked well on its way to winning the top prize of $60,000, sponsored by Hewlett Packard.
Top News Headlines
- Toronto Mayor Rob Ford fires chief of staff
- A week after bombshell allegations that Toronto Mayor Rob ford was videotaped smoking crack, the mayor's chief of staff was fired and Ford is continuing to stonewall reporters. more »
- Federal Court won't remove MPs over robocall allegations
- The Federal Court says it won't throw six MPs out of their seats over allegations of widespread vote suppression through automated robocalls in the 2011 federal election. more »
- Alleged Ford crack video seller not responding to calls
- The journalist who broke the story alleging Toronto Mayor Rob Ford was recorded on video smoking crack cocaine says he may never be able to get his hands on the evidence. more »
- Bridge collapse on Washington interstate drops cars into water
- The Washington State Patrol says the Interstate 5 bridge over the Skagit River at Mount Vernon has collapsed, dumping vehicles and people into the water. more »
Latest Technology & Science News Headlines
- Twitter launches feature to 'make sure it's really you'
- Following hack attacks on the Twitter accounts of The Associated Press, the Financial Times and other media organizations by the Syrian Electronic Army, Twitter has rolled out a new feature to help prevent unauthorized logins to a user's accounts. more »
- 'Hadfield at Home' parodies astronaut's return to 'normal' life
- While the real Chris Hadfield reacclimates to Earth gravity and performs experiments in Houston, a parody of the Canadian astronaut is recreating some of his famous space moments, but with decidedly terrestrial results. more »
- 3-D printing of airway tube helps save U.S. baby
- In a medical first, doctors used plastic particles and a 3-D laser printer to create an airway splint to save the life of a baby boy who used to stop breathing nearly every day. more »
- Importers brace for fight over iPods and TVs
- Importers of popular electronics such as big-screen TVs and MP3 players are ramping up their fight against federal tariff changes, accusing the government of misleading them by offering tariff breaks that it planned to claw back later. more »
Bob McDonald's Blog
- Chris Hadfield: The gravity of gravity May. 17, 2013 9:58 AM After five months of being Superman and a media superstar, Canadian astronaut Chris Hadfield is now beginning the challenging task of adapting his mortal body and brain to life back on Earth.
Quirks & Quarks
- May 25: The Origin of Feces May. 23, 2013 9:43 AM Cow pies, scat, droppings, guano, dung, manure, night soil, poop, fecal matter, sh*t. Call it what you may, excrement plays a crucial role in evolution, culture and the environment.
- Toronto Mayor Rob Ford fires chief of staff
- 2nd suspect in Tim Bosma murder case to plead not guilty
- 2 more arrests linked to hacking death of British soldier
- Duffy says he wants to give Canadians 'the whole story'
- Vancouver man abandons Porsche on B.C. ferry
- Chained-teen's mom wants man who pleaded guilty 'to suffer'
- Montreal lifts boil-water advisory
- B.C. teen saves pet dog in 'terrifying' cougar attack
- Neil Macdonald: Harper no Obama when it comes to dealing with scandals