Pwnium Â is in progress and we have a second full Chrome pwn, interestingly by a Teenager who will get $60,000 from Google as announced.TheÂ hacker who identified himself only as PinkiePie said he spent the past week and half working on the attack. It combined three previously unknown vulnerabilities to gain full system access to a Dell Inspiron laptop that ran a fully patched version of Chrome on top of the most up-to-date version of Windows 7.
This is the second full attack of Google Chrome during the conference. The first hack was byÂ Sergey Glazunov who also won $60,000 from Google. 5 ChromeÂ vulnerabilitiesÂ have been found as part of these two hacks and 2 of them have been patched.
While â€œPinkie Pieâ€ was previously unknown to onlookers here, Googlers described him as a â€œknown and respected security researcher.â€Â He said he never considered selling the vulnerability to third-party brokers. Â â€Iâ€™ve never sold a vulnerability before.â€
Strangely, which sandbox escapes are rare, Pinkie Pie said the easiest part of his attack was jumping out of the Chrome sandbox after the initial exploit.
â€œI got lucky because I found a way [to jump out of the sandbox] very early. Â I figured it out by looking at it carefully,â€ he added. He declined to discuss specifics of theÂ vulnerabilitiesÂ or the exploit techniques, deferring comments to Google representatives.
So, now we can wait for another patch from the Google team fixing thisÂ vulnerability.
For many, this will be a reason to say, “See, Chrome is not as secure as you think” Yes, we have to agree, no software is perfect. But this move from the Chrome team of encouragingÂ securityÂ researchers to findÂ vulnerabilitiesÂ of the browser and patch them before “bad guys” get their hands on them, Â I must call it “Smart“