Chrome hacked in five minutes

News 8 Mar, 2012

Chrome gets hacked in super quick time, showing no browser is safe.

Google's browser was hacked within only five minutes as part of annual security contest.

Pwn2Own is an annual browser hacking contest held at CanSecWest in Vancouver. This year, following a disagreement with contest organisers Tipping Point over vulnerability disclosures, Google held its own competition at the same conference, offering a total of $1 million in potential prize money.

After avoiding being successfully attacked for three years thanks largely to its sandbox, which locks down executable code to prevent damage, Chrome was hacked at both Pwn2Own and Google's Pwnium.

For the former, Vupen Security's team used a pair of zero-day flaws - one targeting Windows, the other targeting Chrome's sandbox - to hack the browser mere minutes into the start of the contest.

We wanted to show that even Chrome is not unbreakable

While the hack only took five minutes to execute, Vupen has been developing the attack against Chrome's sandbox for six weeks, Bekrar told ZDNet.

"We pwned Chrome to make things clear to everyone," said Chaouki Bekrar, CEO of Vupen Security, according to Ars Technica. "We wanted to show that even Chrome is not unbreakable."

The firm didn't reveal the full details of the hack. Vupen also hacked Firefox 3 and IE8 on Windows XP, as well as Safari 5 on OS X Snow Leopard at the contest.

Pwnium payout

At Google's own Pwnium contest, independent researcher Sergey Glazunov also found a way around Chrome's sandbox using vulnerabilities in the extension system.

Justin Schuh, security engineer at Google, said that Glazunov's exploit didn't break out out of the sandbox, but "avoided" it, letting an attacker do as he pleased in the browser.

“It was an impressive exploit," Schuh told ZDNet. "It required a deep understanding of how Chrome works.”

Glazunov won $60,000 for the exploit, but it's not the first time the independent researcher has been paid by Google - he frequently picks up payment via the firm's bug bounty programme.