Google patches WebKit flaw post Pwn2Own
By Tom Brewster,
Google has patched a vulnerability exploited by researchers at last week’s Pwn2Own hacking contest.
Even though Google Chrome was not hacked during the competition, the bug resided in WebKit - the rendering engine used by the browser.
WebKit is also featured in Apple’s Safari and the browser found on BlackBerry phones.
A team of researchers, including Willem Pinckaers, Vincenzo Iozzo and Ralf-Philipp Weinmann, hacked a BlackBerry Torch 9800 by exploiting the vulnerability.
On top of the $15,000 (£9,345) they received for the BlackBerry hack, the researchers were handed $1,337 from Google.
The update, in Google Chrome 10.0.648.133, only fixed the WebKit security issue.
The memory corruption bug was given a high priority ranking, but Google was not forthcoming on any additional details.
”Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix,” said Jason Kersey, from the Google Chrome team.
Google has handed out over $100,000 as part of its Chromium Security Rewards programme.
Politically motivated attacks
Meanwhile, Google warned a vulnerability affecting Internet Explorer (IE) users had been exploited in politically motivated attacks.
Google said its users had been targeted, but gave no further details on who the affected parties were. The tech giant said visitors to “another popular social site” had been targeted as well.
The bug in MIME HTML (MHTML) – a protocol used by applications to render certain kinds of documents and bring together different content onto one HTML file - was publicly disclosed back in January.
When Microsoft offered a workaround for the zero-day vulnerability, no exploits had been seen in the wild.
“The abuse of this vulnerability is also interesting because it represents a new quality in the exploitation of web-level vulnerabilities,” the Google Security Team said in a blog.
“To date, similar attacks focused on directly compromising users' systems, as opposed to leveraging vulnerabilities to interact with web services.”
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Security Analysis & Insight
What is your password worth?
Would you be tempted to sell off company passwords for a fee? If not, seems like you're in the minority, acccording to research.
- Macs under attack?
- Intel: security inside
- Are you spending too much on IT security?
- Does the government want to snoop on your data?
- Eurocrats versus the cyber criminals
- The truth about spam
- Google and privacy: What’s the problem?
- Q&A: Symantec’s CISO on the source code hack
- RSA: Back from the breach?
Latest Security Reviews
Check Point 2210 Appliance review
Rating: 
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
Latest News Videos in Security
IT PRO Podcast: Are UK data protection laws flawed?
PlayWe bring in two experts to talk about the problems with UK data protection law and the way it is managed.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
