Pwnium Ends, 5 Vulnerabilities Found and 4 Patched – Chrome Security Team Gets Remaining $880,000?

Pwnium 2012 has concluded with 5 critical vulnerabilities of Google Chrome released and 4 of them patched with 2 stable updates this week. Well, that explains why your Chrome was downloading updates more than usual. Total $120,000 has been paid out to two hackers/security experts and if I am reading this correctly, renaming 880,000 will go to the Chrome security team. That’s a really nice way to appreciate their hard work!

The second patch went out Saturday, March 10, 2012 fixing the vulnerability which helped PinkiePie gain access of a Windows7 PC by visiting a website using Chrome. Here are the hilights from this blogpost.

chrome news  Pwnium Ends, 5 Vulnerabilities Found and 4 Patched   Chrome Security Team Gets Remaining $880,000?

Congratulations to PinkiePie (aka PwniePie) for a beautiful piece of work to close out the Pwnium competition!

We’re delighted at the success of Pwnium and the ability to study full exploits. We anticipate landing additional changes and hardening measures for both CVE-2011-3046 and CVE-2011-3047 in the near future. We also believe that both submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on both Pwnium submissions in the future.

  • [Like a b-b-b-b-boss!!! $60,000] [117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption. Credit to PinkiePie.


Can Anyone Hack A Browser in 5 Minutes?

I came across an interesting piece of “rant” on Google Plus which discusses a few items around Pwn2Own and such hacking contests. It is an interesting read. Here is what i liked the most.

Normally, teams prepare exploits in advance and then arrive at the contest, sit down, and use them — leading to true but misleading headlines like “XXX Browser hacked in 5 minutes at Pwn2Own!” …Well, probably days to months of preparation, really.

In any case, in the three previous years Chrome has been public (and thus been included) no one had touched us. By contrast, the only other browser to make it through one of those contests unexploited was Firefox — and it did it once.

Read the entire post here.

An Interesting Comment I received For My Last Post.

PAEz posted the following when I discussed about a “teenager” hacking Chrome. I agree with him completely on this, so I am re-posting it here for everyone.

No offense but I dont see a teenager cracking Chrome to be embarrassing. Teenagers can do some amazing code. Their young creative brains, mixed with their lack of experience can enable them to think outside the box better than someone with experience. Experience brings beliefs that constrict the way they think, while a young persons brain can buzz with new ways of thinking and looking at problems.

0 comments… add one

Leave a Comment