Worth Reading: The $50,000 breakout
Chrome has a good reputation for security, having withstood many attacks at hacking contests such as Pwn2Own, and breaking out of the browser's sandbox is a complicated feat which few have managed. Consequently, the reward on offer at Google's Pwnium hacking contest for anyone achieving this was substantial: $50,000.
Two hackers managed to collect the bounty. As a recent Google blog post explains, it was far from easy. In order to get his code to execute on a test system on visiting a crafted website, hacker Pinkie Pie had to combine a total of six vulnerabilities.
The second successful hacker, vulnerability expert Sergey Glazunov, had to make use of a total of ten separate security vulnerabilities. Some of these, probably in the WebKit core, also affect other browsers. This is why Google has elected to keep Glazunov's technique under wraps for now. Google's blog posting does, however, describe Pinkie Pie's breakout in great detail. It also makes clear that Pinkie Pie's $50,000 was hard earned.
(fab)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/6/7/2/comingin310_4_kicker-4977194bfb0de0d7.png)
![Kernel Log: Coming in 3.10 (Part 3) [--] Infrastructure](/imgs/43/1/0/4/2/3/2/3/comingin310_3_kicker-151cd7b9e9660f05.png)
