Davey Winder's Blog

Google Chrome stands alone at PWN2OWN

By Davey Winder in Editorial

Posted in Security, Firefox, Google, Internet, Microsoft, Apple on March 22, 2009 at 3:59 pm


Which web browser client is least at risk from hackers? If the PWN2OWN hacking competition is any measure of client security, then the clear winner was Google Chrome.

Of course, not everything is always as straightforward as it seems. And that is certainly the case when it comes to the annual PWN2OWN hacking championships that are run during the CanSecWest security conference. Standard PCs and Macs running default OS installations are used, loaded up with fully patched and current versions of the target software and no additional plug-ins to help the hackers. The rules seem pretty simple: hack the app as quickly as possible, with code execution as a requirement.

First of the web browsers to fall was Apple Safari running on a MacBook, which lasted between 5 and 10 seconds in total. Charlie Miller managed to ‘own’ it by exploiting a previously unknown vulnerability and then simply clicking on a malicious URL. He proved to the judges that as a result of the remote code execution he had full control over the Mac.

Next was, perhaps a little surprisingly, Internet Explorer 8. A German chap known only as Nils managed to exploit a new vulnerability in IE8, running on a recent build of Windows 7. Someone who was no doubt surprised would be the main Internet Explorer 8 man at Microsoft, Dean Hachamovitch, who gave his keynote at the Las Vegas Mix 09 conference to launch the public release of IE8 just a few hours later, proclaiming that the browser had been engineered to withstand evolving attack methods used by hackers. Oh dear. Nils, meanwhile, went back to the keyboard and then managed to successfully hack the Firefox browser client as well.

Two bits of good news did emerge from all this though. Firstly, these new vulnerabilities will not remain exploitable for long; indeed, Microsoft are said to have already fixed the IE8 one and the patch is likely to roll out real soon now. This is courtesy of the competition sponsors, TippingPoint, who pay the winning hackers a cash prize, which also buys them the rights to the vulnerability details and exploit code, which are immediately passed over to the vendors concerned.

Secondly, the competition did seem to prove one thing: if you want the most secure of the mainstream web browser clients then Google Chrome would appear to be the way to go. During the course of the competition, it remained unhackable, it would seem. Safari hacking supremo Charlie Miller did manage to find a vulnerability but, unlike previous vulnerabilities, Miller reports that he was unable to exploit this one thanks to the sandboxing and security features of Chrome.

Comments

Pingback by IT PRO: Blogs: Davey Winder: In need of an urgent Firefox fix - March 26, 2009 on 7:59 pm

[…] Google Chrome is a more secure browser bet after all? Not yet rated  Loading […]

Pingback by Internet Explorer 8 - ScoobyNet - April 3, 2009 on 5:21 pm

[…] Its total ****e, there are now hundreds of exploits that are in the public domain, Ms can’t keep up. This is an interesting read.. IT PRO: Blogs: Davey Winder: Google Chrome stands alone at PWN2OWN […]

Comment by sikanrong - April 23, 2009 on 12:26 pm

I notice firefox didn’t get ‘pwn’d either, so chrome isn’t special or what?

Comment by Sean - April 23, 2009 on 3:16 pm

“…successfully hack the Firefox browser client…” last line of the third last paragraph, firefox was hacked. so chrome is still special, in a way

Pingback by NewbTech » Blog Archive » Microsoft IE 8.0 Browser Security best of all browsers? - April 27, 2009 on 3:04 am

[…] contest (forgetting to mention the wee lil fact that Google Chrome actually outlasted it.. - article from ITPro)… NSS Labs recently released a paper that touts putting all the current browsers through […]
