In association with heise online

23 May 2012, 12:33

Worth Reading: The $50,000 breakout

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Chrome has a good reputation for security, having withstood many attacks at hacking contests such as Pwn2Own, and breaking out of the browser's sandbox is a complicated feat which few have managed. Consequently, the reward on offer at Google's Pwnium hacking contest for anyone achieving this was substantial: $50,000.

Two hackers managed to collect the bounty. As a recent Google blog post explains, it was far from easy. In order to get his code to execute on a test system on visiting a crafted website, hacker Pinkie Pie had to combine a total of six vulnerabilities.

The second successful hacker, vulnerability expert Sergey Glazunov, had to make use of a total of ten separate security vulnerabilities. Some of these, probably in the WebKit core, also affect other browsers. This is why Google has elected to keep Glazunov's technique under wraps for now. Google's blog posting does, however, describe Pinkie Pie's breakout in great detail. It also makes clear that Pinkie Pie's $50,000 was hard earned.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit