Pwn2Own 2011: Google patches hole in Chrome

Although Chrome wasn't attacked directly at the contest, Google has released an update for the Windows, Linux and Mac OS X versions of its browser. The update closes a hole in WebKit that was originally exploited in Blackberry devices – because, like the Blackberry browser, Chrome and Safari are also based on WebKit.

Independently of the Pwn2Own contest, developers Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers, who discovered the hole, will be awarded $1,337 through Google's Bug Bounty Program.

However, the hole has yet to be closed in BlackBerry, Safari, Mobile Safari, Android and other WebKit-based products. BlackBerry is planning an update, but Apple only recently released new versions of Safari and iOS to close security issues in various Apple products.

None of this will apparently matter to iPhone 3G owners: iOS updates are now only available for the iPhone 4 and 3GS. The holes remain unpatched on the iPhone 3G. Complaints on an Apple forum about the lack of support for older devices were simply deleted by Apple, as the postings allegedly violated forum rules. The only solution available to those who own older devices could now be to resort to jailbreaks and protect their applications via community patches.

Microsoft is also working on an update to fix the hole in Internet Explorer 8 that was exploited during the contest. However, the company recommends that users install the soon-to-be-released Internet Explorer 9. This version reportedly no longer contains the hole and is said to offer better security than its predecessor.

(crve)