Submit News Alternative Tip Form

Chrome beaten at the Pwn2Own 2013 Hackfest

Google is fast to patch, wonder how long Microsoft will take!

Vulnerability has been found in Chrome during this year’s Pwn2Own event, Google have released an update within hours to patch the exploit.

Pwn2Own hack contest happens ever year encouraging hackers to find vulnerabilities in web browsers, operating systems and web plugins. This year; Chrome, Firefox and Internet Explorer have all be exploited. 

A sandbox bypass exploit against zero day vulnerabilities was identified in Chrome. This exploit allowed the hacker to use a malicious webpage which granted code execution in the sandboxed renderer process. This could further attack the kernel vulnerability that granted elevated privileges and arbitrary command execution outside of the sandbox with system privileges. Google has awarded the researchers $100,ooo.

This vulnerability was found using the latest stable version of Chrome on Windows 7.

Subsequently, the Chrome team have released a security update today to patch this vulnerability:

[180763] High CVE-2013-0912: Type confusion in WebKit. Credit to Nils and Jon of MWR Labs.

Update 25.0.1364.160 for Windows, Mac, and Linux will be pushing out in the next few days.

Google is also hosting a similar event this week called Pwnium. There is a total prize fund of $3,14159 million for finding exploits in Chrome OS.

  • Abhishek

    What do they get awarding the Hacker?

    Think in Microsoft way.

    • Lennart Jern

      Are you serious? They pay the hackers to tell them about vulnerabilities instead of finding it out “the hard way”. If google didn’t pay the hackers, they could just as well sell info about the exploit to some third party or hack someones bank account!

    • Naum Rusomarov

      They got $100k USD. That’s not bad at all. I doubt they would have earned more by selling the info to someone else.

  • http://www.madmadrasi.net/ mad.madrasi

    Firefox also released 19.0.2 to fix Pwn2Own hack. In fact it was the first.
    http://www.madmadrasi.net/2013/03/firefox-1902-fixes-pwn2own-exploit.html

    • Ed Hewitt

      I was not claiming Chrome was first. We only cover news about Chrome, so any Firefox news will not be covered, though we will be soon (omgfirefox.com)

      • http://www.madmadrasi.net/ mad.madrasi

        Point taken. :-)

  • Naum Rusomarov

    Pi millions of dollars! :)