Google Chrome Gets Hacked Again – This Time By A Teenager – Another $60k Reward!

Pwnium  is in progress and we have a second full Chrome pwn, interestingly by a Teenager who will get $60,000 from Google as announced.The hacker who identified himself only as PinkiePie said he spent the past week and half working on the attack. It combined three previously unknown vulnerabilities to gain full system access to a Dell Inspiron laptop that ran a fully patched version of Chrome on top of the most up-to-date version of Windows 7.

This is the second full attack of Google Chrome during the conference. The first hack was by Sergey Glazunov who also won $60,000 from Google. 5 Chrome vulnerabilities have been found as part of these two hacks and 2 of them have been patched.

While “Pinkie Pie” was previously unknown to onlookers here, Googlers described him as a “known and respected security researcher.” He said he never considered selling the vulnerability to third-party brokers.  ”I’ve never sold a vulnerability before.”

Strangely, which sandbox escapes are rare, Pinkie Pie said the easiest part of his attack was jumping out of the Chrome sandbox after the initial exploit.

“I got lucky because I found a way [to jump out of the sandbox] very early.  I figured it out by looking at it carefully,” he added. He declined to discuss specifics of the vulnerabilities or the exploit techniques, deferring comments to Google representatives.

So, now we can wait for another patch from the Google team fixing this vulnerability.

For many, this will be a reason to say, “See, Chrome is not as secure as you think” Yes, we have to agree, no software is perfect. But this move from the Chrome team of encouraging security researchers to find vulnerabilities of the browser and patch them before “bad guys” get their hands on them,  I must call it “Smart

In Category: Google Chrome


Dinsan made Google Chrome his default browser within hours of its release. He fell in love with Chromebooks from the day he first touched one and is currently obsessed with Chromecasts.

Show 2 Comments
  • Greg 11/03/2012, 3:58 am

    I have been noticing many Chrome updates in my update manager, and now I know why.
    I’m starting to wonder if I should still be using Chrome after this, it’s kinda embarrassing for Google for a teen to hack it 😛

  • PAEz 12/03/2012, 2:55 pm

    No offense but I dont see a teenager cracking Chrome to be embarrassing. Teenagers can do some amazing code. Their young creative brains, mixed with their lack of experience can enable them to think outside the box better than someone with experience. Experience brings beliefs that constrict the way they think, while a young persons brain can buzz with new ways of thinking and looking at problems.
    And as to whether you should continue using Chrome…..
    Vulnerabilities are always going to happen, its how the company handles them and what they do about them that counts for alot…And this is where Google step up to the plate brilliantly. They offer money for your knowledge, enticing hackers to share their knowledge with them instead of going to darker parts of the net looking to cash in.
    Theres prize money for getting a full exploit at Pwn2Own but Chrome put up alot more money for anyone finding exploits in their browser ($60,000), I didnt hear anything of FF or IE doing the same.
    Look at Sergey Glaznov who won $60,000 for his exploit at Pwn2Own and has previously earnt around $88,000 for his work finding bugs in Chrome. Thats $148,000 and the right to openly show his work and get credit that could enable him to get work at any security team, hopefully more than enough incentive to not go to the dark side.
    I for one feel total confidence in Google for doing the most they can to protect their users….
    Go Chrome!!

Leave a Comment