dekeeu

Google Patches Four Pwn2Own Bugs in Chrome 33


Now that the dust has settled after the Pwn2Own contest, the browser manufacturers are beginning to roll out patches for the vulnerabilities exploited by contestants. Google on Monday released fixes for a number of bugs in Chrome discovered and exploited during Pwn2Own, releasing new versions of the browser for Windows, Mac and Linux.

This year’s Pwn2Own, which runs in conjunction with the CanSecWest conference in Vancouver, showcased vulnerabilities and exploits in most of the major browsers, including Internet Explorer and Firefox, along with Chrome. The team from VUPEN, the French security and exploit-sales firm, took home several hundred thousand dollars in prize money from the contest, a good portion of it for demonstrating new bugs in Google Chrome. In addition to the prize money from the contest, Google also is paying its own rewards to the researchers who used new flaws in Chrome.

VUPEN earned a $100,000 reward from Google for its two Chrome vulnerabilities, and an anonymous researcher also earned $60,000 for two separate vulnerabilities. The flaws used in Pwn2Own that Google fixed in Chrome 33 are:

[$100,000] [352369] Code execution outside sandbox. Credit to VUPEN.

- [352374] High CVE-2014-1713: Use-after-free in Blink bindings
- [352395] High CVE-2014-1714: Windows clipboard vulnerability

[$60,000] [352420] Code execution outside sandbox. Credit to Anonymous.

- [351787] High CVE-2014-1705: Memory corruption in V8
- [352429] High CVE-2014-1715: Directory traversal issue

Patches for Internet Explorer and Firefox likely will take a little longer, as they’re on longer update cycles than Google, which typically pushes out new versions whenever significant security issues need to be fixed. Google security officials said that they plan to publish some details of the exploits used against Chrome in Pwn2Own in the coming weeks.

“We’re delighted at the success of Pwn2Own and the ability to study full exploits. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future. We also believe that both submissions are works of art and deserve wider sharing and recognition. We plan to do technical reports on both Pwn2Own submissions in the future,” Anthony Laforge of Google said in a blog post.

Source: Google Patches Four Pwn2Own Bugs in Chrome 33 | Threatpost | The first stop for security news
