George Hotz has been rewarded with $150,000 (€107,000)

Mar 17, 2014 13:51 GMT

Google has addressed a total of seven vulnerabilities with the release of Chrome OS 33.0.1750.152, the browser-based operating system that’s installed on Chromebook devices. The security holes were presented last week at Pwnium, the Google-sponsored competition that took place alongside CanSecWest in Vancouver.

Google has rewarded George Hotz (geohot) with $150,000 (€107,000) for a persistent code execution exploit in Chrome OS.

The exploit leverages a total of four vulnerabilities: a high-impact memory corruption in V8 (CVE-2014-1705), a low-impact command injection in Crosh (CVE-2014-1706), a high-impact path traversal issue in CrosDisks (CVE-2014-1707) and a critical issue with file persistence at boot (CVE-2014-1708).

Pinkie Pie demonstrated sandboxed code execution and a kernel out-of-bounds (OOB) write. For this exploit, the security expert leveraged a couple of high-impact vulnerabilities: a memory corruption in the GPU command buffer (CVE-2014-1710) and a kernel OOB write in the GPU driver (CVE-2014-1711). Google has not yet announced the reward for Pinkie Pie.

Both Pinkie Pie and geohot are well known on the (white hat) hacking scene.

VUPEN identified a use-after-free in Blink bindings. This is the vulnerability they leveraged to hack Chrome on the second day of Pwn2Own.

“Congratulations to geohot for an epic Pwnium competition win. Pinkie Pie provided a fascinating set of vulnerabilities that will be rewarded through the Chrome VRP program. Moreover, one of the bugs exploited by VUPEN on Pwn2Own affected Chrome OS,” Google Chrome's Dharani Govindan noted in a blog post.

“We’re delighted at the success of Pwnium and the ability to study full exploits. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future. We also believe that both Pwnium submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on these submissions in the future.”

Systems running Chrome OS will receive the updates over the coming days.

Last week, Google also released updates for the stable channel of Chrome 33 on all platforms to address the vulnerabilities presented at Pwn2Own.

At Pwn2Own, Chrome was hacked by VUPEN using the aforementioned security hole and a Windows clipboard bug, and by an anonymous participant who leveraged a memory corruption in V8 and a directory traversal.

VUPEN has been rewarded with $100,000 (€73,000). The anonymous researcher got only $60,000 (€43,000) because one of the flaws he leveraged was presented at Pwnium.

Google has been involved in both Pwnium and Pwn2Own. However, at Pwn2Own, the search engine giant was just a co-sponsor.