14 DAY TRIAL // The Pwn2Own 2013 competition is well underway and it's proving one of the most successful to date, in the sense that all browsers in the contest were successfully hacked in the first day.
Google Chrome, which had not been breached until last year, was a victim this time around as well, earning a two-man team from MWR Labs $100,000 (€76,860) in the process.
The hackers managed to exploit a bug in Chrome to run arbitrary code inside the sandbox and then used a bug in the Windows kernel to elevate the privileges of that code and take complete control of the system.
"We showed an exploit against previously undiscovered vulnerabilities in Google Chrome running on a modern Windows-based laptop," MWR Labs explained.
"By visiting a malicious webpage, it was possible to exploit a vulnerability which allowed us to gain code execution in the context of the sandboxed renderer process," it said.
"We also used a kernel vulnerability in the underlying operating system in order to gain elevated privileges and to execute arbitrary commands outside of the sandbox with system privileges," it added.
The Chrome bug allows the hackers to do a number of things, determine the location of important DLLs in memory, read from portions of the memory they shouldn't be able to and even run their own code with elevated privileges, all of which can be exploited.
Google is one of the sponsors of this year's competition, but it's also doing its own separate challenge focusing on Chrome OS.
Last year, Google abandoned the Pwn2Own competition and started its own because hackers weren't required to disclose their methods, meaning the bugs couldn't be fixed in the browsers targeted.
But that changed this year so Google is back, but it's also running its Pwnium challenge, though the target this time is Chrome OS and not Chrome.