Google Chrome is proving to be a real challenge to hackers. The browser was the only one left standing, for the second year in a row, in the Pwn2Own competition, which challenges security experts to hack into a computer through one of the four most popular web browsers out there for cash prizes. All other browsers, including Safari on the iPhone, were successfully cracked within minutes of the start of the competition.
The yearly competition, now at its fourth edition, ran last week with security researchers vying for the $10,000 cash prizes and the laptops that would be successfully compromised. The major browsers proved no match for the determined hackers and Firefox, IE8 and Safari were quickly taken over.
Particularly impressive was the iPhone hack, which left the entire SMS database exposed. Using a purposely built, malicious website, the hackers were able to take over a fully patched, non-jaibroken iPhone in less than 20 seconds and download all the text messages on record and the entire contact list, despite the fact that apps needed to be digitally signed in order to run on the Apple smartphone.
Yet, Google Chrome escaped unharmed, as hackers didn't even try to exploit any of the vulnerabilities that the browser might have. Google did indeed patch 11 security flaws last week which might have deterred any would-be attackers, but the browser is usually updated at a fast pace. Apple fixed even more vulnerabilities in Safari in the last week and it didn't do it any good. What's more, it wasn't the lack of market share that helped Google Chrome, as it might have been the case last year when the browser also remained un-hacked, as the browser has a bigger market share
than Safari at this point.
This doesn't mean that Google Chrome is completely safe or even that it's better than the other browsers, but it does indicate that the security measures Google has implemented seem to be doing their job. One particular feature that is being credited for the browser's increased security is the sandbox mode, which does a good job at isolating code run by websites from the rest of the operating system and applications. Updated
to reflect the fact that there no attempts to hack Google Chrome at the Pwn2Own competition.