Google Fixes Second Set of Chrome Bugs Used in Pwnium Contest

Google has pushed out a patch for the second full sandbox escape exploit used in the Pwnium contest at CanSecWest. The Chrome vulnerabilities that the exploit targeted were discovered by an anonymous researcher who used the name PinkiePie and claimed a $60,000 reward from Google.

Chrome patchGoogle has pushed out a patch for the second full sandbox escape exploit used in the Pwnium contest at CanSecWest. The Chrome vulnerabilities that the exploit targeted were discovered by an anonymous researcher who used the name PinkiePie and claimed a $60,000 reward from Google.

The attack that the researcher used included three separate vulnerabilities which he was able to string together to compromise Chrome. The researcher did not use his real name, but Google security officials at the conference said that they knew who he was and that he was well-respected in the security community. He had been working on the attack for a while and Google officials were unsure whether he’d be able to complete before the Pwnium contest ended Friday afternoon.

The contest was created as a rival to the Pwn2Own contest at CanSecWest, which as been running for several years. Google officials said they were happy with the results of Pwnium, which attracted two full sandbox escapes in Chrome, and the contest could end up being expanded in future years.

“We’re delighted at the success of Pwnium and the ability to study full exploits. We anticipate landing additional changes and hardening measures for both CVE-2011-3046 and CVE-2011-3047 in the near future. We also believe that both submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on both Pwnium submissions in the future,” Jason Kersey of Google said in a blog post.

Google patched the other vulnerabilities used by researcher Sergey Glazunov in the contest last week.

Suggested articles

Discussion

  • Anonymous on

    There are always some master-hand who can do others cannot do.

    Seems, chrome not only has the fast speed but also the high security. This is a good news for us who like using chrome or webkit.

    Not only the chrome iself high security but also the webkit engine in Avant browser I think.I like use chrome engine in Avant btowser which can supply some useful buttons and build-in feature which chrome itself doesn't have.But chrome still my default. No one can shake his position.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.