Vulnerability has been found in Chrome during this year’s Pwn2Own event, Google have released an update within hours to patch the exploit.
Pwn2Own hack contest happens ever year encouraging hackers to find vulnerabilities in web browsers, operating systems and web plugins. This year; Chrome, Firefox and Internet Explorer have all be exploited.
A sandbox bypass exploit against zero day vulnerabilities was identified in Chrome. This exploit allowed the hacker to use a malicious webpage which granted code execution in the sandboxed renderer process. This could further attack the kernel vulnerability that granted elevated privileges and arbitrary command execution outside of the sandbox with system privileges. Google has awarded the researchers $100,ooo.
This vulnerability was found using the latest stable version of Chrome on Windows 7.
Subsequently, the Chrome team have released a security update today to patch this vulnerability:
[180763] High CVE-2013-0912: Type confusion in WebKit. Credit to Nils and Jon of MWR Labs.
Update 25.0.1364.160 for Windows, Mac, and Linux will be pushing out in the next few days.
Google is also hosting a similar event this week called Pwnium. There is a total prize fund of $3,14159 million for finding exploits in Chrome OS.