Pwnium 2: Full Chrome exploit earns hacker $60,000
Google's Chrome web browser has fallen at the company's Pwnium 2 security competition, which took place earlier today, 10 October, at the Hack In The Box conference in Kuala Lumpur, Malaysia. SC Magazine reported that the hacker who goes by the pseudonym "Pinkie Pie" was able to "fully exploit" Chrome, escaping the sandbox using only bugs within Chrome. The exploit was demonstrated on a fully patched 64-bit Windows 7 system running the latest stable branch of Chrome. For his work, Pinkie Pie will receive the top prize of $60,000 from Google.
Before the company had even confirmed the flaw on its Pwnium AppSpot page, Google announced version 22.0.1229.94 of Chrome for Windows, Mac OS X and Linux, which explicitly closes Pinkie Pie's critical security holes. The holes are described in the announcement as being composed of two separate flaws, an "SVG use-after-free" and an "IPC arbitrary write". Google's Jason Kersey congratulated Pinkie Pie on "returning to the fray with another beautiful piece of work," adding that the company was "delighted at the success of Pwnium 2, and anticipates additional hardening and future improvements to Chrome as a result of the competition."
This isn't the first time that "Pinkie Pie", also the name of a "My Little Pony - Friendship is Magic" character, has won money for exploiting Chrome. In March of this year, he was rewarded for vulnerabilities he used at Google's Pwnium contest, which took place during the Pwn2Own competition at CanSecWest, to break out of the browser's sandbox and execute code. In order to get his code to execute on the test system at the time, he had to combine a total of six vulnerabilities; the holes were later closed with the release of Chrome 18. Along with security specialist Sergey Glazunov, Pinkie Pie also won this year's Pwnie Award for the Best Client-Side Bug.
The full results of the Pwnium 2 competition will be announced during a talk by Google Software Engineer Chris Evans tomorrow, 11 October.
Update: Evans has now published a results and wrap-up post on the Chromium Blog. In it, he says that a future post will include an in-depth look at the bugs used by Pinkie Pie.
- Pwnium 2 begins, a post on the Chromium Blog.
- Google offers larger rewards to vulnerability hunters, a report from The H.