IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Google patches WebKit flaw post Pwn2Own

Google patches a WebKit vulnerability, exploited by a team of Pwn2Own winners.

Google Chrome

Google has patched a vulnerability exploited by researchers at last week's Pwn2Own hacking contest.

Even though Google Chrome was not hacked during the competition, the bug resided in WebKit - the rendering engine used by the browser.

WebKit is also featured in Apple's Safari and the browser found on BlackBerry phones.

A team of researchers, including Willem Pinckaers, Vincenzo Iozzo and Ralf-Philipp Weinmann, hacked a BlackBerry Torch 9800 by exploiting the vulnerability.

On top of the $15,000 (9,345) they received for the BlackBerry hack, the researchers were handed $1,337 from Google.

The update, in Google Chrome 10.0.648.133, only fixed the WebKit security issue.

The memory corruption bug was given a high priority ranking, but Google was not forthcoming on any additional details.

"Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix," said Jason Kersey, from the Google Chrome team.

Google has handed out over $100,000 as part of its Chromium Security Rewards programme.

Politically motivated attacks

Meanwhile, Google warned a vulnerability affecting Internet Explorer (IE) users had been exploited in politically motivated attacks.

Google said its users had been targeted, but gave no further details on who the affected parties were. The tech giant said visitors to "another popular social site" had been targeted as well.

The bug in MIME HTML (MHTML) a protocol used by applications to render certain kinds of documents and bring together different content onto one HTML file - was publicly disclosed back in January.

When Microsoft offered a workaround for the zero-day vulnerability, no exploits had been seen in the wild.

"The abuse of this vulnerability is also interesting because it represents a new quality in the exploitation of web-level vulnerabilities," the Google Security Team said in a blog.

"To date, similar attacks focused on directly compromising users' systems, as opposed to leveraging vulnerabilities to interact with web services."

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Google aims to court US public sector with new division
public sector

Google aims to court US public sector with new division

29 Jun 2022
Google Earth Engine open for business on Google Cloud, in corporate sustainability push
Cloud

Google Earth Engine open for business on Google Cloud, in corporate sustainability push

28 Jun 2022
Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more
Mobile

Best business smartphones 2022: The top handsets from Apple, Samsung, Google and more

23 Jun 2022
Apple executive rejoins Google over remote work policy
flexible working

Apple executive rejoins Google over remote work policy

18 May 2022

Most Popular

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks
Security

LockBit 2.0 ransomware disguised as PDFs distributed in email attacks

27 Jun 2022
Open source giant Red Hat joins HPE GreenLake ecosystem
automation

Open source giant Red Hat joins HPE GreenLake ecosystem

28 Jun 2022
Carnival hit with $5 million fine over cyber security violations
cyber security

Carnival hit with $5 million fine over cyber security violations

27 Jun 2022