All about Google Chrome & Google Chrome OS

24 May 12 Pwnium Chrome hackers exploited 16 zero-day vulnerabilities


Google Chrome hackers used a total of 16 zero-day vulnerabilities to crack the browser at the inaugural “Pwnium” hacking contest and win $120,000.

The number of bugs the two researchers used – six in one case, “roughly” 10 in the other – was dramatically more than the average attack. The Stuxnet worm of 2010, called “groundbreaking” by some analysts, used just four bugs, only three of them previously-unknown “zero-day” vulnerabilities.

Google detailed only the half-dozen deployed by the researcher known as “Pinkie Pie” in a post to the Chromium blog yesterday. Details of the 10 used by Sergey Glazunov will not be disclosed until they are patched in other programs they afflict, said Jorge Lucangeli Obes and Justin Schuh, two Chrome security engineers.

Pinkie Pie and Glazunov were the only prize winners at Pwnium, the March contest Google created after it withdrew from the long-running “Pwn2Own” hacking challenge. Google had pledged to pay up to $1 million, but ended up handing out just $120,000 – $60,000 to each of the men.

In previous Pwn2Own contests, Chrome had escaped not only unscathed, but also untested by top-flight security researchers.

Pinkie Pie strung together six vulnerabilities on March 9 to successfully break out of the Chrome “sandbox,” an anti-exploit technology that isolates the browser from the rest of the system.

The vulnerabilities let him exploit Chrome’s pre-rendering – where the browser loads potential pages before a user views them – access the GPU (graphics processor unit) command buffers, write eight bytes of code to a predictable memory address, execute additional code in the GPU and escape the browser’s sandbox.

At the time of Pwnium, one Google program manager called Pinkie Pie’s exploits “works of art.”

Google patched Pinkie Pie’s bugs within 24 hours of his demonstration. Since then, the company has revealed technical details in its Chromium bug database of five of the six vulnerabilities.

Glazunov’s exploits relied on approximately 10 vulnerabilities – they, too, were patched within 24 hours – but Google is keeping information on those secret for now.

“While these issues are already fixed in Chrome, some of them impact a much broader array of products from a range of companies,” said Obes and Schuh. “We won’t be posting that part until we’re comfortable that all affected products have had an adequate time to push fixes to their users.”

Chrome, currently at version 19, had an estimated 18.9% of the browser usage market in April, according to metrics firm Net Applications. Rival StatCounter, however, pegged Chrome’s share for the month at 31.2%.

Article source: http://rss.feedsportal.com/c/270/f/470440/s/1fa9a773/l/0Lnews0Btechworld0N0Csecurity0C33597220Cpwnium0Echrome0Ehackers0Eexploited0E160Ezero0Eday0Evulnerabilities0C0Dolo0Frss/story01.htm


23 May 12 Pwnium hacking contest winners exploited 16 Chrome zero-days


Computerworld - Google yesterday revealed that the two researchers who cracked Chrome in March at the company’s inaugural “Pwnium” hacking contest used a total of 16 zero-day vulnerabilities to win $60,000 each.

The number of bugs each researcher used — six in one case, “roughly” 10 in the other — was dramatically more than the average attack. The Stuxnet worm of 2010, called “groundbreaking” by some analysts, used just four bugs, only three of them previously-unknown “zero-day” vulnerabilities.

Google detailed only the half-dozen deployed by the researcher known as “Pinkie Pie” in a post to the Chromium blog yesterday. Details of the 10 used by Sergey Glazunov will not be disclosed until they are patched in other programs they afflict, said Jorge Lucangeli Obes and Justin Schuh, two Chrome security engineers, in the blog.

Pinkie Pie and Glazunov were the only prize winners at Pwnium, the March contest Google created after it withdrew from the long-running “Pwn2Own” hacking challenge. Google had pledged to pay up to $1 million, but ended up handing out just $120,000 — $60,000 to each of the men.

In previous Pwn2Own contests, Chrome had escaped not only unscathed, but also untested by top-flight security researchers.

Pinkie Pie strung together six vulnerabilities on March 9 to successfully break out of the Chrome “sandbox,” an anti-exploit technology that isolates the browser from the rest of the system.

The vulnerabilities let him exploit Chrome’s pre-rendering — where the browser loads potential pages before a user views them — access the GPU (graphics processor unit) command buffers, write eight bytes of code to a predictable memory address, execute additional code in the GPU and escape the browser’s sandbox.

At the time of Pwnium, one Google program manager called Pinkie Pie’s exploits “works of art.”

Google patched Pinkie Pie’s bugs within 24 hours of his demonstration. Since then, the company has revealed technical details in its Chromium bug database of five of the six vulnerabilities.

Glazunov’s exploits relied on approximately 10 vulnerabilities — they, too, were patched within 24 hours — but Google is keeping information on those secret for now.

“While these issues are already fixed in Chrome, some of them impact a much broader array of products from a range of companies,” said Obes and Schuh. “We won’t be posting that part until we’re comfortable that all affected products have had an adequate time to push fixes to their users.”

Chrome, currently at version 19, had an estimated 18.9% of the browser usage market in April, according to metrics firm Net Applications. Rival StatCounter, however, pegged Chrome’s share for the month at 31.2%.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.

Article source: http://www.computerworld.com/s/article/9227404/Pwnium_hacking_contest_winners_exploited_16_Chrome_zero_days?source=rss_keyword_edpicks


10 Apr 12 Google Patches 12 Flaws in Chrome


Google has patched 12 vulnerabilities in Chrome, including seven high-risk flaws. The new release of Chrome also includes an updated version of the Adobe Flash player.

This is the second update for Chrome in the last few days from Google. The company updates its browser on a rolling basis, pushing out a new release whenever there’s sufficient volume of security issues to address or when there’s a high-priority vulnerability that warrants a quick fix. As part of its bug bounty program, Google paid out $6,000 in rewards to researchers who reported vulnerabilities to the company. Among the researchers who qualified this time around are Sergey Glazunov and Miaubiz, both of whom regularly get payouts from Google for their research.

The security fixes included in the latest Chrome release are:

[$500] [106577] Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz.
[117583] Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov.
[$1000] [117698] High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz.
[$1000] [117728] High CVE-2011-3069: Use-after-free in line box handling. Credit to miaubiz.
[118185] High CVE-2011-3070: Use-after-free in v8 bindings. Credit to Google Chrome Security Team (SkyLined).
[118273] High CVE-2011-3071: Use-after-free in HTMLMediaElement. Credit to pa_kt, reporting through HP TippingPoint ZDI (ZDI-CAN-1528).
[118467] Low CVE-2011-3072: Cross-origin violation parenting pop-up window. Credit to Sergey Glazunov.
[$1000] [118593] High CVE-2011-3073: Use-after-free in SVG resource handling. Credit to Arthur Gerkis.
[$500] [119281] Medium CVE-2011-3074: Use-after-free in media handling. Credit to Sławomir Błażek.
[$1000] [119525] High CVE-2011-3075: Use-after-free applying style command. Credit to miaubiz.
[$1000] [120037] High CVE-2011-3076: Use-after-free in focus handling. Credit to miaubiz.
[120189] Medium CVE-2011-3077: Read-after-free in script bindings. Credit to Google Chrome Security Team (Inferno).


Article source: http://threatpost.com/en_us/blogs/google-patches-12-flaws-chrome-040512


25 Mar 12 Bug Hunter Hacks Chrome at CanSecWest; Earns Top Reward From Google


During Google’s Pwnium contest at the CanSecWest security conference in Vancouver on Wednesday, Russian bug hunter Sergey Glazunov demonstrated a Chrome exploit that completely defeats the browser’s much touted security sandbox.

Chrome is viewed as one of the most secure Web browsers by the security community, primarily because of its sandboxed architecture, which restricts how it interacts with the OS and significantly limits what attackers can do if they exploit a vulnerability.

A panel of security experts from Accuvant and Coverity, who analyzed the defensive capabilities of modern browsers in depth, said last week at the RSA security conference in San Francisco that Chrome’s sandbox prevents processes from doing much of anything on the system.

However, there is a consensus in the security community that while sandboxing is a strong anti-exploitation mechanism, it does not provide a perfect defense and a determined attacker can theoretically defeat it, although with a lot of work.

For this year’s CanSecWest conference, Google decided to run a contest called Pwnium in parallel with TippingPoint’s well known Pwn2Own contest, which rewards security researchers for finding and exploiting unpatched remote code execution (RCE) vulnerabilities in browsers.

Pwnium has a maximum prize pool of US$1 million and rewards various types of Chrome exploits. The largest prize is $60,000 and is awarded to researchers who demonstrate persistent RCE exploits that target only vulnerabilities in Google Chrome’s code.

The first to earn this top reward was Sergey Glazunov, a regular Chrome bug hunter, who on Wednesday, during the first day of the contest, demonstrated an exploit that completely bypassed Chrome’s sandbox.

The exploit was validated by the Google Chrome team. “Congrats to long-time Chromium contributor Sergey Glazunov who just submitted our first Pwnium entry. Looks like it qualifies as a ‘Full Chrome’ exploit,” Sundar Pichai, Google’s senior vice president for Chrome, said via his Google+ account. “We’re working fast on a fix that we’ll push via auto-update.”

Other Chrome security engineers, like Justin Schuh or Chris Evans, expressed their excitement about the exploit via Twitter. “What a great bug from Sergey. But still a whole ton of cash left, hoping for more entrants,” Evans said on his Twitter feed.

Glazunov, who has earned many rewards for finding Chrome vulnerabilities in the past, wasn’t at CanSecWest in person. Instead he submitted his Pwnium entry through independent security researcher Aaron Sigel.

During day one of the Pwn2Own contest, a team of researchers from French security firm VUPEN Security also managed to hack Chrome. However, Chrome’s security team suspects that the researchers’ exploit targeted a vulnerability in the Flash Player plug-in that comes with the browser by default.

If that’s true, VUPEN’s exploit would have only qualified for a Pwnium consolation prize of $20,000, had it been submitted to the contest. VUPEN didn’t confirm that their Pwn2Own Chrome exploit targeted a Flash Player vulnerability, which isn’t prohibited by the Pwn2Own contest rules.

Article source: http://www.pcworld.com/businesscenter/article/251506/bug_hunter_hacks_chrome_at_cansecwest_earns_top_reward_from_google.html


24 Mar 12 Google patches 9 Chrome bugs, pays more to top researchers


Computerworld - Google yesterday patched nine vulnerabilities in Chrome in the sixth security update to Chrome 17, the edition that launched Feb. 8.

Wednesday’s update was the first since the Chrome security team issued a pair of quick fixes during the “Pwnium” hacking event held March 7-9 at the CanSecWest security conference.

Six of the nine bugs patched Wednesday were rated “high,” the second-most dire ranking in Google’s threat system. One was marked “medium,” and the remaining two were labeled “low.”

Google paid $5,500 in bounties to four researchers for reporting five bugs. The four other vulnerabilities were uncovered by members of Google’s own security team or were too minor to be eligible for a bonus.

Three of the four researchers who reported flaws fixed in Chrome 17 yesterday have been recently recognized by Google.

Sergey Glazunov, who received a $2,000 bounty for submitting a bug described by Google as “cross-origin violation with ‘magic iframe,’” was one of two $60,000 prize winners at Pwnium earlier this month.

Glazunov was the first to claim cash at Pwnium, the Chrome-only hacking challenge that Google created after it withdrew from the long-running Pwn2Own contest over objections about the latter’s exploit reporting practices.

Two others, Arthur Gerkis and a researcher known as “miaubiz,” received $1,000 and $2,000, respectively, for bugs that Google patched yesterday.

Gerkis and miaubiz were two of the three outside bug hunters who were given special $10,000 bonuses three weeks ago for what Google called “sustained, extraordinary” contributions to its vulnerability reporting program.

So far this year, Google has paid nearly $200,000 to outside researchers through its bug bounty and Pwnium programs.

Google will not be patching a Chrome bug revealed in “Pwn2Own,” the other hacking contest that ran at CanSecWest.

At Pwn2Own, a team from the French security firm Vupen exploited Chrome by using a one-two punch of a bug in Flash Player — which Google bundles with its browser — and a Chrome “sandbox escape” vulnerability.

Because Pwn2Own sponsor HP TippingPoint’s Zero Day Initiative (ZDI) bug bounty program does not require researchers to disclose sandbox escape vulnerabilities, Google was not told how the Vupen team hacked Chrome.

Yesterday’s update to Chrome 17 can be downloaded for Windows, Mac OS X and Linux from Google’s website. Users running the browser will receive the new version automatically through its silent, in-the-background update service.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.

Article source: http://www.computerworld.com/s/article/9225441/Google_patches_9_Chrome_bugs_pays_more_to_top_researchers



16 Mar 12 Google Chrome’s Pwnium Contest Makes The Web A Safer Place



Google began a competition called Pwnium last week that tasked hackers to find exploits on its Chrome Web browser. We reported how one Russian student had won $60,000 for his hack.

The Google Chrome security team posted on Chrome blog that the total payout in the last week for Pwnium is now up to $120,000. They were paid out to two submissions, one of which came from Sergey Glazunov. Google was able to roll out updates to patch these security flaws within 24 hours of being exploited.

Exploits are normally patched by a security team that has limited information in regards to how the hacker exploited their software. They are usually forced to guess how the exploit was implemented by the trail left behind by the hacker. The Pwnium contest is akin to a controlled environment where the Chrome team can see the exploit in its entirety and have time to study it before rolling out an update.

The Chrome security team also detailed a third exploit that was discovered at a different event last week. The exploit in question used a vulnerability in the Flash Player plug-in that could affect all browsers. The exploit was detailed to Adobe and their team is working on a patch that will be implemented in the near future.

Speaking of Flash Player, Google announced that they are working with Adobe to provide a version of Flash Player that will run natively inside the Chrome sandbox. The Chromebook already has this functionality.

All of this just goes to show you that there are good hackers out there. Hackers are usually painted in a bad light due to the actions of rogue agents, but the majority of them are just making the Web a safer and better place.

Article source: http://www.webpronews.com/google-chromes-pwnium-contest-makes-the-web-a-safer-place-2012-03


12 Mar 12 Chrome gets hacked, finally



Vupen Security and Sergey Glazunov independently managed to penetrate Google Chrome’s security defenses at the Pwn2Own and ‘Pwnium’ contests respectively.

Pwn2Own is an annual computer hacking contest held in March in Vancouver, Canada. Security professionals try to find previously unknown vulnerabilities in software (so-called zero-day vulnerabilities, used in zero-day attacks and exploits) and gain control over the target system. Winners receive a cash prize (in the thousands of dollars) and get to take home the system they’ve hacked.

This year Google also organised an independent competition of the same nature hosted at the exact same location, dubbed “Pwnium” (“Pwn” is slang for hack).

Google’s Chrome browser has had an outstanding security record thanks to Google’s continuous attention and its support for its open source developers. The browser had not been compromised by a zero-day attack since it was launched, which is a pretty big thing, considering that Firefox, Internet Explorer (IE) and Safari get hacked every year.

The security researchers had to perform a complicated hack to break through Chrome’s sandbox, which is like a virtual container that prevents web content from interacting with vulnerable parts of the operating system.

Google went to work immediately and has managed to fix the exploit. The details will be revealed only after the company believes a significant number of people have updated their browsers.

IE 9 on Windows 7 was also hacked, again through a complicated hack that had to circumvent the browser’s sandbox. Microsoft, however, may not respond so rapidly, as its quality testing procedure usually takes a few months to fix bugs like these.

Safari on Mac OS X Snow Leopard, along with Firefox and IE 8 on Windows XP, was also hacked.

While the contestants, software companies and event organisers (TippingPoint and Google) usually remain tight-lipped about the discovered vulnerabilities till they’re fixed, current speculation is that one of the Chrome vulnerabilities relates to the Adobe Flash plug-in, while the other one and the IE 9 bug relate to the native browser code, not a third-party plug-in.

Article source: http://www.deccanchronicle.com/channels/sci-tech/others/chrome-gets-hacked-finally-404
