Nytro Posted March 8, 2012 Report Posted March 8, 2012 [h=2]Chrome Hacked In 5 Minutes At Pwn2Own[/h]"After offering a total prize fund of up to $1M for a successful Chrome hack, it seems Google got what it wanted (or not!). No more than 5 minutes into the Pwn2Own cracking contest team Vupen exploited 2 Chrome bugs to demonstrate a total break of Google's browser. They will win at least 60k USD out of Google's prize fund, as well as taking a strong option on winning the overall Pwn2Own prize. It also illustrates that Chrome's much lauded sandboxing is not a silver bullet for browser security."Sursa: Chrome Hacked In 5 Minutes At Pwn2Own - Slashdot Quote
anon Posted March 8, 2012 Report Posted March 8, 2012 Inca una din ciclul " ai grija ce iti doresti, va s-ar putea sa primesti ! " ,asa le trebe. Quote
JohnyCNAM Posted March 8, 2012 Report Posted March 8, 2012 Sunt curios:Cum isi permite google sa ofere atatia bani pentru asa ceva? Quote
Nytro Posted March 8, 2012 Author Report Posted March 8, 2012 Atatia? 60.000 de dolari ti se pare mult? Nu da 1 milion pentru asta, da MAXIM 60.000 $. Cititi si voi tot... Quote
Guest expl0iter Posted March 8, 2012 Report Posted March 8, 2012 Google a dat peste 300.000$ celor care au raportat vulnerabilitati in *google.com/orkut.com/youtube.com si peste 700.000$ celor care au raportat buguri in google chrome.Unii s-au imbogatit de pe urma la google, sau macar au fost scutiti de cateva mii de dolari... Quote
Nytro Posted March 12, 2012 Author Report Posted March 12, 2012 Hackeri: http://2.bp.blogspot.com/-COoyZ5u_me8/T124fMkzWZI/AAAAAAAAFMw/WjjETqyp-fo/s640/Finally+Google+Chrome+gets+hacked+at+Pwn2Own.jpgVupen Security and Sergey Glazunov independently managed to penetrate Google Chrome’s security defenses at the Pwn2Own and 'Pwnium' contests respectively. The annual competition, which invites ethical hackers from around the world to attempt hacking into the most popular web browsers and in the process expose vulnerabilities and loopholes in the browser's security, while grabbing a handsome reward.At this year's competition, the co-founder and head of research of Vupen, Chaouki Bekrar and his team managed to break into Google Chrome in less than 5 minutes, in the process quashing talks about the browser's unquestionable security. They used "a pair of zero-day vulnerabilities to take complete control of a fully patched 64-bit Windows 7 (SP1) machine." For the successful break-in, Vupen has won itself 32 points.Google Chrome security knew that the Flash Player plugin sandbox is significantly weaker and that an exploit against Chrome’s Flash Player would have to go through a certain path.Having figured out that Vupen used that technique (from the May video), Google decided to add a specific protection for Flash. The hack qualifies him for one of the top $60,000 prizes that are part of Google’s $1 million Pwnium challenge, and could be the launch of a new security career.VUPEN co-founder Chaouki Bekrar, an outspoken exploit writer who insisted the team deliberately targeted Chrome to prove a point, was uncharacteristically coy when asked if the faulty Chrome code came from Adobe.”It was a use-after-free vulnerability in the default installation of Chrome,” he said. “Our exploit worked against the default installation so it really doesn’t matter if it’s third-party code anyway.” Bekrar told, Zdnet reports.IE 9 on Windows 7 was also hacked, again through a complicated hack that had to circumvent the browser’s sandbox. Microsoft, however, may not respond so rapidly, as its quality testing procedure usually takes a few months to fix bugs like these.Safari on Mac OS X Snow Leopard, along with Firefox and IE 8 on Windows XP, was also hacked.Sursa: Finally Google Chrome gets hacked at Pwn2Own | The Hacker News (THN) Quote
