Chrome survives hacker challenge

by Paul Jay, CBCNews.ca.

Vancouver was host to the annual CanSecWest security conference last week, with the highlight of the competition the annual Pwn2Own contest, in which hackers try their hand at exploiting vulnerabilities in web browsers for computers and mobile phones.

And while many debates on the internet about security and web browsers tend to devolve into a shouting match between Mac and Windows users, the competition's results revealed browsers on both Windows and Mac OS have easy exploits: It didn't take too long before Apple's Safari, Mozilla Firefox and Microsoft's IE 8 all went down.

But what's interesting is that neither a collection of mobile browsers nor Google's Chrome fell in the competition.

Chrome was actually affected by one of the vulnerabilities that plagued another browser, but as hacker Charlie Miller told security expert Ryan Naraine, the problem with Chrome is developing a way to exploit the bug.

Chrome includes a security mechanism called a sandbox, which essentially uses an operating system's existing security measures to severely limit any access gained from a bug. (A more detailed description of the sandbox is here.)

It's not clear at this point if Google is onto something or if hackers just haven't bothered to go after Chrome in a concerted way, since, generally speaking, hackers don't tend to spend much time on browsers very few use.

After escaping this year's competition unscathed, perhaps Chrome will have a bulls-eye on it next year.

Here, by the way, is the link to the Pwn2Own Wrap Up.