Story Tools: PRINT | Text Size: S M L XL | REPORT TYPO | SEND YOUR FEEDBACK

Chrome survives hacker challenge

by Paul Jay, CBCNews.ca.

Vancouver was host to the annual CanSecWest security conference last week, with the highlight of the competition the annual Pwn2Own contest, in which hackers try their hand at exploiting vulnerabilities in web browsers for computers and mobile phones.

And while many debates on the internet about security and web browsers tend to devolve into a shouting match between Mac and Windows users, the competition's results revealed browsers on both Windows and Mac OS have easy exploits: It didn't take too long before Apple's Safari, Mozilla Firefox and Microsoft's IE 8 all went down.

But what's interesting is that neither a collection of mobile browsers nor Google's Chrome fell in the competition.

Chrome was actually affected by one of the vulnerabilities that plagued another browser, but as hacker Charlie Miller told security expert Ryan Naraine, the problem with Chrome is developing a way to exploit the bug.

Chrome includes a security mechanism called a sandbox, which essentially uses an operating system's existing security measures to severely limit any access gained from a bug. (A more detailed description of the sandbox is here.)

It's not clear at this point if Google is onto something or if hackers just haven't bothered to go after Chrome in a concerted way, since, generally speaking, hackers don't tend to spend much time on browsers very few use.

After escaping this year's competition unscathed, perhaps Chrome will have a bulls-eye on it next year.

Here, by the way, is the link to the Pwn2Own Wrap Up.

« Previous Post | Main | Next Post »

This discussion is now Open. Submit your Comment.

Comments

Gordon Fecyk

Winnipeg

Did the contest require the "target" browser to run as a user with full administrator rights? I'd call it a fixed contest if so, seeing that three heavyweights all failed where Google's upstart product passed.

My problem isn't with what browser a person uses. A web browser is just another application. My problem is with the people who insist on using their web browser in an insecure setup.

A regular user can duplicate Google's "sandbox" on Windows by just using it with a non-administrator user account. But this should be done with all desktop applications, not just web browsers.

Posted March 25, 2009 04:01 PM

« Previous Post | Main | Next Post »

Post a Comment

Disclaimer:

Note: By submitting your comments you acknowledge that CBC has the right to reproduce, broadcast and publicize those comments or any part thereof in any manner whatsoever. Please note that due to the volume of e-mails we receive, not all comments will be published, and those that are published will not be edited. But all will be carefully read, considered and appreciated.

Note: Due to volume there will be a delay before your comment is processed. Your comment will go through even if you leave this page immediately afterwards.

Privacy Policy | Submissions Policy

[an error occurred while processing this directive]
Story Tools: PRINT | Text Size: S M L XL | REPORT TYPO | SEND YOUR FEEDBACK

World »

302 Found

Found

The document has moved here.

more »

Canada »

302 Found

Found

The document has moved here.

more »

Politics »

302 Found

Found

The document has moved here.

more »

Health »

302 Found

Found

The document has moved here.

more »

Arts & Entertainment»

302 Found

Found

The document has moved here.

more »

Technology & Science »

302 Found

Found

The document has moved here.

more »

Money »

302 Found

Found

The document has moved here.

more »

Consumer Life »

302 Found

Found

The document has moved here.

more »

Sports »

[an error occurred while processing this directive] 302 Found

Found

The document has moved here.

more »

Diversions »

[an error occurred while processing this directive]
more »