IT News Thread: Google Will Pay $1 Million For Chrome Hacks
  1. #1 DaveP

    Google Will Pay $1 Million For Chrome Hacks

    Link: Google Will Pay $1 Million for Chrome Hacks | News & Opinion | PCMag.com

    ...Chrome is participating in an annual hackathon called Pwn2Own, held next week at the CanSecWest security conference in Vancouver. For the last three years of the competition, Chrome has been left untouched while hackers have taken down browsers including Firefox, Internet Explorer, and Safari, Forbes said...

  2. #2 mac_shinobi

    What sort of hacks constitute an actual hack? Could you take a hex editor, adjust the exe for Chrome and then use said loophole, or do you have to leave the executable intact as is?

    Or is this more network hacking, i.e. they have their own little network and they have to do something on the remote computer that has Chrome?

  3. #3 X-13

    Quote Originally Posted by mac_shinobi:
    What sort of hacks constitute an actual hack? Could you take a hex editor, adjust the exe for Chrome and then use said loophole, or do you have to leave the executable intact as is?

    Or is this more network hacking, i.e. they have their own little network and they have to do something on the remote computer that has Chrome?
    I think it'd be exploits they're looking for and not hacks.

    If you change the .EXE it wouldn't be Chrome anymore.

  4. #4 sonofsanta

    Pwn2Own is normally for using a browser exploit - buffer overflows etc. - to break out of the sandbox and start executing arbitrary code on the machine. I think they normally just open Calculator or Notepad to demonstrate that they can do it, but any such exploit would have the potential to introduce viruses, keyloggers, blah blah blah...

  5. #5 mac_shinobi

    Thanks - not tried doing anything like that before - sounds interesting though.

  6. #6 sonofsanta

    Quote Originally Posted by mac_shinobi:
    Thanks - not tried doing anything like that before - sounds interesting though.
    A couple of stories from last year:
    pwn2own day one: Safari, IE8 fall, Chrome unchallenged
    Pwn2Own day 2: iPhone, BlackBerry beaten; Chrome, Firefox no-shows

    Apple actually released a patch just before Pwn2Own last year to try and stop any exploits being found and used; it's that important an event in security circles.

  7. #7 X-13

    Quote Originally Posted by sonofsanta:
    it's that important an event in security circles.
    A large-scale network security event, designed to expose vulnerabilities in browsers, in a time where more and more is being done online.

    Of course it's a big deal.

    No-one wants to be the company that allows users' personal details to be intercepted/hacked due to security flaws.

  9. #9

    Quote Originally Posted by mac_shinobi:
    Thanks - not tried doing anything like that before - sounds interesting though.
    Must be quite difficult...

    It was a rare event. To date, there are no known reports of a zero-day attack ever hitting Chrome in the wild, and at the previous three years' contests, Chrome escaped unscathed, even as Internet Explorer, Firefox, and Safari were brought down by exploits that allowed the attackers to take complete control of the machine running the software. The chief reason: Chrome's security sandbox—which isolates web content inside a highly restricted perimeter that's separated from the rest of the operating system—makes it harder to write reliable attacks.
    A contestant in the second contest, which Google has dubbed "Pwnium," was also able to bypass the Chrome sandbox so he could execute any code of his choosing on the underlying machine. Sergey Glazunov wasn't on site to discuss the hack. Google has said only that for him to win the top $60,000 reward, his exploit was required to bypass the sandbox using code native to Chrome.

    Bekrar told Ars that his team's attack exploited what's known as a use-after-free bug to bypass DEP, or data execution prevention, and ASLR, or address space layout randomization. Both mitigations are designed to prevent hackers from executing malicious code even when they locate vulnerabilities. He said it exploited a second vulnerability that allows code to break out of the sandbox. He declined to detail the vulnerable component, except to say it was found in the "default" installation of the Google browser.

    That detail led several observers to speculate that an Adobe Flash plugin was the means Vupen used to access more sensitive parts of the operating system. While Chrome runs the media player add-on in its own sandbox, the perimeter is considerably more porous than it is with other components, security researchers say. Core functionality in Flash, for instance, requires the app be able to control web cams and microphones, access system state, and connect to display monitors and other connected devices. (Source)

  10. #10

    How Google set a trap for Pwn2Own exploit team « ZDNet

    As you know, Google launched an alternative to Pwn2Own to ensure it got the full rights to any sandbox exploitation so when the VUPEN team announced it would arrive here with a Chrome zero-day, the Google Chrome security team decided to set a trap.

    Google could figure out very easily if a certain exploit technique was being used. Even more, if an attack targeted third-party (er, Adobe Flash Player) code, they could pinpoint the technique.

    In this case, the Google Chrome security team knew that the Flash Player plugin sandbox is significantly weaker and that an exploit against Chrome's Flash Player would have to go through a certain path.

    Having figured out that Vupen used that technique (from the May video), Google decided to add a specific protection for Flash.

    On March 5, the protection was added to Google Chrome 17.0.963.65. When the protection triggers, it generates a very unique signature — 0xABAD1DEA — which is hexadecimal that spells out "a bad idea". The protection was meant to make the browser resilient to certain attacks but in a bit of cat-and-mouse, it was left in there to see if anyone would find it and make a public comment.

    The VUPEN team arrived at CanSecWest and during testing of its exploits for Pwn2Own, they stumbled into the exception.
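The trap described in the article above, seen from the telemetry side, as an added example that is not part of the thread or of Google's code: a small crash-report triage that flags reports carrying the 0xABAD1DEA tripwire code and treats one reported by a build older than 17.0.963.65 as inconsistent. The crash-line format, module names and timestamps are constructed for this example and do not reflect real Chrome telemetry.

```python
import re

# Tripwire exception code the article describes: 0xABAD1DEA ("a bad idea").
TRIPWIRE_CODE = 0xABAD1DEA
# Version the article names as the one that shipped the protection; the
# example assumes builds older than this can never report the code.
TRIPWIRE_MIN_VERSION = (17, 0, 963, 65)

# Hypothetical crash-report line format, constructed for this example.
LINE_RE = re.compile(
    r"ts=(?P<ts>\S+)\s+version=(?P<version>[\d.]+)\s+"
    r"module=(?P<module>\S+)\s+exception=(?P<code>0x[0-9A-Fa-f]+)"
)

def parse_version(text):
    """'17.0.963.65' -> (17, 0, 963, 65) so versions compare numerically."""
    return tuple(int(p) for p in text.split("."))

def parse_line(line):
    """Parse one crash line into a dict, or return None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["code"] = int(rec["code"], 16)        # accepts upper or lower case hex
    rec["version"] = parse_version(rec["version"])
    return rec

def classify(rec):
    """Verdict for one parsed record: ordinary crash, tripwire hit, or inconsistent."""
    if rec["code"] != TRIPWIRE_CODE:
        return "ordinary-crash"
    if rec["version"] < TRIPWIRE_MIN_VERSION:
        # A build that predates the check cannot raise this code legitimately;
        # such a report deserves a look on its own (bad data or a spoofed report).
        return "tripwire-code-from-old-build"
    return "tripwire-hit"

def triage(lines):
    """Return (timestamp, module, verdict) for every crash that is not ordinary."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue                            # malformed lines are skipped
        verdict = classify(rec)
        if verdict != "ordinary-crash":
            findings.append((rec["ts"], rec["module"], verdict))
    return findings

# Constructed sample crash lines (not real telemetry).
SAMPLE_LINES = [
    "ts=2012-03-07T10:01:02Z version=17.0.963.65 module=renderer exception=0xC0000005",
    "ts=2012-03-07T10:05:44Z version=17.0.963.65 module=flash_plugin exception=0xABAD1DEA",
    "ts=2012-03-07T10:06:10Z version=17.0.963.56 module=flash_plugin exception=0xabad1dea",
    "malformed line with no fields",
]
```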

  11. #11 sonofsanta

    There have been two actual Chrome hacks at Pwnium now, in the browser itself rather than in the Flash plugin as Vupen used at Pwn2Own... At hacking contest, Google Chrome falls to third zero-day attack (Updated)

    $60k to get the details of three vulnerabilities seems remarkably good value for Google, doesn't it?

  12. #12 sonofsanta

    This is how far you have to go to hack Chrome: Anatomy of a hack: 6 separate bugs needed to bring down Google browser (Updated) | Ars Technica

    Although as he says, the conditions of the prize pot stipulating it must be a Chrome vulnerability NOT an OS vulnerability changes the game somewhat; it's both harder to do, and means that just because Chrome is secure, you're not necessarily safe against attacks.
