Every year, the Pwn2Own hacker contest is held at the annual CanSecWest security conference. In this year's contest, Google Chrome was the first browser to be hacked, by an attack exploiting a previously unknown vulnerability in the most up-to-date version. For the last 4 years, since its arrival in the browser market, no one had hacked it.
Today at the Pwn2Own hacker contest, Chrome was finally hacked, and the person who hacked it took home $60,000 in the process. The hack has been confirmed on Twitter by Justin Schuh, a Google security team member.
Why is Chrome very hard to hack?
Chrome includes an extra security feature, the “sandbox”. Chrome’s security sandbox, which isolates web content inside a highly restricted perimeter that’s separated from the rest of the operating system, makes it harder to write reliable attacks. This built-in sandbox makes Chrome much more difficult to exploit than other browsers. An attacker has to bypass the browser’s sandbox restriction before being able to access the host system.
Chrome hacked twice at Pwn2Own:
In the first five minutes of the contest, Chrome was taken down by security researchers from VUPEN, a security firm. VUPEN CEO Chaouki Bekrar said that they “wanted to show that even Chrome is not unbreakable.” Bekrar’s team used a specific vulnerable component of Chrome in their hack.
The other person who hacked Chrome in the contest was Sergey Glazunov.
His statement to the Ars team:
My team’s attack exploited what’s known as a use-after-free bug to bypass DEP, or data execution prevention, and ASLR, or address space layout randomization. Both mitigations are designed to prevent hackers from executing malicious code even when they locate vulnerabilities. Our team exploited the second vulnerability that allows code to break out of the sandbox.
Google Chrome was hacked on the very first day; we have to wait until the next day to find out which other browsers will be hacked.
Update Google Chrome to the latest version here.