Chrome Browser Hacked Wednesday, Patched Thursday

rated by 0 users
This post has 7 Replies | 3 Followers

Top 10 Contributor
Posts 26,356
Points 1,191,570
Joined: Sep 2007
ForumsAdministrator
News Posted: Sun, Mar 11 2012 2:50 PM
Google’s Chrome Browser has historically been relatively bullet-proof, standing up to hacker challenges with impressive resilience. On Wednesday, however, hacker Sergey Glazunov successfully broaches Chrome’s defenses at CanSecWest’s Pwnium challenge, for which he received a prize of $60,000.

To Google’s credit, the vulnerability that Glazunov exploited was patched within 24 hours. In a post on the Chrome Blog, Jason Kersey stated that the hole was patched, and that the Chrome team also delivered some updates to fix issues with Flash games and videos.


Photo credit: ZDNet

However, Glazunov wasn’t the only one to bypass Chrome’s sandbox; French hacking group VUPEN took aim at Chrome first and foremost at CanSecWest’s Pwn2Own event, and apparently, the VUPEN fellows aren’t planning to divulge all their tactics just yet.
  • | Post Points: 65
Top 10 Contributor
Posts 8,686
Points 104,335
Joined: Apr 2009
Location: Shenandoah Valley, Virginia
MembershipAdministrator
Moderator
realneil replied on Sun, Mar 11 2012 3:49 PM

So how long would it have taken Microsoft to patch that vulnerability?

Big Smile

Dogs are great judges of character, and if your dog doesn't like somebody being around, you shouldn't trust them.

  • | Post Points: 35
Not Ranked
Posts 2
Points 10
Joined: Mar 2012
xKennii replied on Sun, Mar 11 2012 5:16 PM

Microsoft NEVER would've patched that venerability

:)

  • | Post Points: 5
Top 100 Contributor
Posts 997
Points 14,405
Joined: Nov 2009
Location: Ontario
Manduh replied on Sun, Mar 11 2012 8:01 PM

60k, nice! Wish I was that smrt! :p

  • | Post Points: 5
Top 150 Contributor
Posts 754
Points 8,520
Joined: Mar 2011
Location: Phoenix
LBowen replied on Sun, Mar 11 2012 8:09 PM

Chrome has become more of my go to browser. Some sites won't display a page on FF for some reason perfectly fine on Chrome. I also think it's really cool how they pay people to find hacks to help secure the software.

"I have the power!!"

  • | Post Points: 5
Top 150 Contributor
Posts 654
Points 5,945
Joined: May 2008
Location: Stockholm
mhenriday replied on Tue, Mar 13 2012 6:08 AM

LBowen, could you provide an example of pages which won't display on FF, but do on Chrome ? I am a constant user of both FF and Chrome/Chromium versions, but have never encountered this problem - it might also be of interest for Mozilla developers to learn about pages that don't display in their browsers. Personally, I retain FF Nightly as my default browser, primarily because Chrome/Chromium, while excellent browsers and excellently maintained as the quick patching described in the article shows, despite explicit requests from hundreds of users, still refrain from providing us with a sidebar panel which can be toggled on and off (I use it for my Delicious bookmarks)....

Henri

Not Ranked
Posts 3
Points 30
Joined: Apr 2012
Charles00 replied on Thu, Apr 12 2012 10:25 AM

Microsoft NEVER would've patched that venerability

  • | Post Points: 5
Top 10 Contributor
Posts 5,053
Points 60,715
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Tue, Apr 17 2012 6:24 PM

realneil:

So how long would it have taken Microsoft to patch that vulnerability?

Big Smile

Microsoft Excel Remote Code Execution Exploit - 2280 days (6+ years) between the time Microsoft was informed, and the patch.

 

That is what you get from a monopoly.

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 5
Page 1 of 1 (8 items) | RSS