Google patches WebKit flaw post Pwn2Own

Google patches a WebKit vulnerability, exploited by a team of Pwn2Own winners.

Google Chrome

Google has patched a vulnerability exploited by researchers at last week's Pwn2Own hacking contest.

Even though Google Chrome was not hacked during the competition, the bug resided in WebKit - the rendering engine used by the browser.

WebKit is also featured in Apple's Safari and the browser found on BlackBerry phones.

Advertisement - Article continues below

A team of researchers, including Willem Pinckaers, Vincenzo Iozzo and Ralf-Philipp Weinmann, hacked a BlackBerry Torch 9800 by exploiting the vulnerability.

On top of the $15,000 (9,345) they received for the BlackBerry hack, the researchers were handed $1,337 from Google.

The update, in Google Chrome 10.0.648.133, only fixed the WebKit security issue.

The memory corruption bug was given a high priority ranking, but Google was not forthcoming on any additional details.

"Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix," said Jason Kersey, from the Google Chrome team.

Google has handed out over $100,000 as part of its Chromium Security Rewards programme.

Politically motivated attacks

Meanwhile, Google warned a vulnerability affecting Internet Explorer (IE) users had been exploited in politically motivated attacks.

Google said its users had been targeted, but gave no further details on who the affected parties were. The tech giant said visitors to "another popular social site" had been targeted as well.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The bug in MIME HTML (MHTML) a protocol used by applications to render certain kinds of documents and bring together different content onto one HTML file - was publicly disclosed back in January.

When Microsoft offered a workaround for the zero-day vulnerability, no exploits had been seen in the wild.

"The abuse of this vulnerability is also interesting because it represents a new quality in the exploitation of web-level vulnerabilities," the Google Security Team said in a blog.

"To date, similar attacks focused on directly compromising users' systems, as opposed to leveraging vulnerabilities to interact with web services."

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement

Recommended

The House of Lords will never bring tech giants to book
IT regulation

The House of Lords will never bring tech giants to book

8 Aug 2020
Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020
British teenager charged over Twitter hack
hacking

British teenager charged over Twitter hack

3 Aug 2020
Mid-year report says vulnerabilities up 22% in 2020
hacking

Mid-year report says vulnerabilities up 22% in 2020

30 Jul 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
UN report points to a 350% rise in phishing websites at start of 2020
phishing

UN report points to a 350% rise in phishing websites at start of 2020

7 Aug 2020