A French hackersteam in a targeted attack Googles Chrome browser to know first to hack the well-known Pwn2Own contest. Last year was Chrome upright and the French wanted to demonstrate that no application uncrackable.
The French managed to exploit within Chrome to open via a special website, which ensured that the calculator app of Windows was opened. This was the end of the browser’s sandbox is bypassed. The hack took place on a fully patched Windows 7 SP1 machine, and the French worked six weeks to find the vulnerabilities and write the exploits. The team excluded in addition to the Chrome-sandbox, among other things, the data execution prevention and address space layout randomization in Windows.
The team wins 32 points for the league and a chance to win the grand prize of $ 60,000 and a further $ 60,000 that Google separately has available for a full hack of Chrome. Or the French in qualifying for this final reward is, however, unclear.
Google stated earlier, the Pwn2Own contest, no more sponsoring, since the regulations do not require that the participants details of their exploit to reveal. Google loves therefore at the same time, in Canada its own Pwnium initiative, in which the detail requires. Pwn2Own is organized by HP Tippingpoint’s Zero Day Initiative. The organization stated that participants only a hack need to demonstrate, and then HP Tippingpoint vulnerabilities can be blocked in security applications for the enterprisemarkt.
The chance that the French hack audience is small, however. The controversial company Vupen that exploits sells to government customers, there is behind. Vupen told ZDNet the rights to zero-day vulnerabilities to sell and the sandbox workaround to keep to themselves. Incidentally complimented Chaouki Bekrar Google with the security of Chrome, which, according to him, the safest sandbox. Also for all the other browsers has Vupen exploits, but the company decided to first Chrome.