Google put out patches for the exploits it was informed about within 24 hours

Mar 12, 2012 14:41 GMT

Google Chrome has finally been pwned: several successful exploits were presented during the Pwn2Own and the Google-hosted Pwnium competitions that took place last week at CanSecWest.

In the official competition, which pits browsers against skilled hackers who try to exploit bugs and vulnerabilities to take over the system on which the browser is running, Chrome had never been challenged.

While hackers had the opportunity to take on Chrome as well as Internet Explorer, Firefox and Safari, no one had targeted Chrome until this year, mostly because its security features, the sandbox in particular, made it a more formidable adversary than the other browsers.

Hackers mostly wanted to win, not necessarily to show that they could break Chrome.

So this year, Google decided to spice things up a bit and awarded its own prizes on top of the regular ones for anyone who managed to break Chrome, with the top prize being $60,000 (€45,700) for any exploit that would bypass or break out of the Chrome sandbox.

The Pwn2Own competition organizers also changed the rules this year, allowing hackers to use bugs in Flash, which is shipped with Chrome, for the grand prize.

In the main Pwn2Own competition, Chrome was successfully hacked for the first time by team Vupen, a security research team that's been successful in years past with other browsers.

However, the team would not disclose the bug or the exploit they used and said that they would sell the info to the highest bidder. This is one of the main reasons why Google withdrew as a sponsor of the contest and organized its own Pwnium.

In the Pwnium competition, long-time Chrome vulnerability finder Sergey Glazunov presented a working sandbox exploit that earned him $60,000. The Chrome team fixed the vulnerability and issued a patch within 24 hours.

On Friday, just as the competition was about to close, another submission was made, earning researcher PinkiePie $60,000 as well. Again, a patch was issued within 24 hours. Google promised to detail the bugs and exploits when most users are up to date.