Google has updated its Chrome browser, fixing an issue that was first uncovered at the Pwnium browser hacking contest, which took place at the CanSecWest security conference in Vancouver this week.
Russian security researcher Sergey Glazunov won $60,000 for demonstrating his exploit, which was able to bypass Chrome’s sandbox, at the hackathon solely focused on Chrome hacks.
Under the rules of the competition, Glazunoy was able to claim the prize for demonstrating a full Chrome exploit on a fully-patched system. Google was willing to pay out a total of $1 million in the competition.
“Congratulations again to community member Sergey Glazunov for the first submission to Pwnium,” wrote Jason Kersey of Google’s Chrome team in a blog detailing the security update.
But Glazunoy is not the only hacker that has defeated Chrome’s feted security features.
Google’s Chrome was the first browser to fall at the annual browser hackathon, Pwn2Own, which is running in parallel with Pwnium. A security group from France, VuPen Security, demonstrated a sandbox exploit within five minutes of the competition’s start – though, by the end of the first day, teams had successfully demonstrated hacks against Internet Explorer, Safari, and Firefox.
Google had withdrawn its sponsorship for Pwn2Own and set up the rival competition after realizing it wouldn’t get the full details on some of the exploits being shown off at Pwn2Own.
Google won’t be able to patch the browser until it confirms how the exploit worked.
Meanwhile, the latest Chrome update also fixes issues with some Flash games and videos.
Register now for SES New York 2012 March 19-23. SES New York is packed with 70+ sessions covering the latest strategies and trends in search engine optimization (SEO), paid search (PPC), social media, integrated marketing, and analytics, multiple keynotes, almost 100 exhibitors, networking events, parties, and more. Your customers, colleagues and competition will be in attendance – will you?