How Google Set a Trap For Pwn2Own Exploit Team

Did Google plan something ahead of the Pwn2Own so that they can find out what exactly the VUPEN  team was using to hack in to Chrome?

Okay, to understand the story completely, I need to remind you all about this post. Security research group at VUPEN posted a video of their exploit breaking Chrome’s sandbox.

When the news came out, Chrome team claimed that the flawed code came from Adobe, one of the plugins used by Chrome, but it comes pre-installed with the browser. To confirm this, Google needed access to the exploit, pwnium helped.

On March 5, the protection was added to Google Chrome 17.0.963.65.  When the protection triggers, it generates a very unique signature — 0xABAD1DEA — which is hexidecimal that spells out “a bad idea.” The protection was meant to make the browser resilient to certain attacks but in a bit of cat-and-mouse, it was left in there to see if anyone would find it and make a public comment.

The VUPEN team arrived at CanSecWest and during testing of its exploits for Pwn2Own, they stumbled into the exception.  VUPEN exploit writer confirmed on Twitter:

So, that gave Google a confirmation that VUPEN is using Adobe’s flawed code to gain access to Chrome’s sandbox.

VUPEN co-founder Chaouki Bekrar, an outspoken exploit writer who insisted the team deliberately targeted Chrome to prove a point, was uncharacteristically coy when asked if the faulty Chrome code came from Adobe.

”It was a use-after-free vulnerability in the default installation of Chrome,” he said. “Our exploit

Got the story?

via Zdent

In Category: Google Chrome


Dinsan made Google Chrome his default browser within hours of its release. He fell in love with Chromebooks from the day he first touched one and is currently obsessed with Chromecasts.

No comments yet. Be the first.