Google acknowledge common vulnerability for Chrome
In March at the Pwn2Own hacking contest Google's Chrome was the only browser left standing, however Google has admitted recently that Chrome, at the time, had the same vulnerability as the defeated browsers.
Google says this was not revealed then because, although Chrome's developers had actually mentioned the bug on the Google bug database the very day the competition took place, they decided to backtrack and keep quiet about the problem out of consideration for the Apple Safari developers. As Mark Larson, the program manager for Chrome said in a post on the 7th of May "Disclosing that this release contains the fix for CVE-2009-0945, an issue in WebKit code that also affects Apple's Safari web browser. We did not want to disclose this until Apple's fix for Safari users was released."
As this post points out the vulnerability itself was in WebKit, the open source rendering engine which is used both by Chrome and Safari. Larson says the problem is with WebKit's handling of SVGList objects and an exploit would require tricking the user into visiting a malicious web site. However the reason that Chrome proved more resilient during the contest was that it employs "sandbox" security to block system access. A successful exploit of the WebKit vulnerability would only allow an attacker to run code within the limits of the sandbox. Internet Explorer 7 & 8 running under Vista or the upcoming Windows 7 also utilise a sandbox defence.
Running browsers in a sandbox is one of the current favourite methods for improving browser security as browsers increasingly become the threat focus for attacks. Although this technique is now being adopted by the browser developers a number of security products, such as ZoneAlarm ForceField and Sandboxie offer to sandbox any browser.
Following the Pwn2Own contest Mozilla produced a patch for Firefox on the 27th of March while Apples patch for Safari only appeared recently on the 12th of May as part of a large security update for OS X. Microsoft's response was to release the final build of IE8 which is immune to the attacks run at Pwn2Own although IE7 may still be vulnerable.
(trk)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
