PDA

View Full Version : Google Chrome exploit fetches "Pinkie Pie" $60,000 hacking prize


News
10-10-12, 03:10 PM
http://cdn.arstechnica.net/wp-content/uploads/2012/10/pinkie-pie1.jpg An image displayed on a computer after it was successfully commandeered by Pinkie Pie during the first Pwnium competition in March.
Dan Goodin


A hacker who goes by "Pinkie Pie" has once again subverted the security of Google's Chrome browser, a feat that fetched him a $60,000 prize and resulted in a security update (http://googlechromereleases.blogspot.com/2012/10/stable-channel-update_6105.html) to fix underlying vulnerabilities.

Ars readers may recall Pinkie Pie from earlier this year (http://arstechnica.com/business/2012/03/googles-chrome-browser-on-friday/), when he pierced Chrome's vaunted security defenses at the first installment of Pwnium (http://arstechnica.com/business/2012/02/google-pledges-1-million-in-cash-to-hackers-who-exploit-chrome/), a Google-sponsored contest that offered $1 million in prizes to people who successfully hacked the browser. At the time a little-known reverse engineer of just 19 years, Pinkie Pie stitched together at least six different bug exploits (http://arstechnica.com/security/2012/05/anatomy-of-a-hack-6-separate-bugs-needed-to-bring-down-google-browser/) to bypass an elaborate defense perimeter designed by an army of some of the best software engineers in the world.

At the second installment of Pwnium (http://arstechnica.com/security/2012/08/google-pledges-million-in-hacking-prizes/), which wrapped up on Tuesday at the Hack in the Box 2012 (http://conference.hitb.org/hitbsecconf2012kul/) security conference in Kuala Lumpur, Pinkie Pie did it again. This time, his attack exploited two vulnerabilities. The first, against Scalable Vector Graphics functions in Chrome's WebKit browser engine, allowed him to compromise the renderer process, according to a synopsis provided by Google software engineer Chris Evans (http://blog.chromium.org/2012/10/pwnium-2-results-and-wrap-up_10.html).

Read 5 remaining paragraphs (http://arstechnica.com/security/2012/10/google-chrome-exploit-fetches-pinkie-pie-60000-hacking-prize/) | Comments (http://arstechnica.com/security/2012/10/google-chrome-exploit-fetches-pinkie-pie-60000-hacking-prize/?comments=1#comments-bar)

http://feedads.g.doubleclick.net/~at/UpHrFGTxbywosjc0Gdng3pSRfgA/0/di (http://feedads.g.doubleclick.net/~at/UpHrFGTxbywosjc0Gdng3pSRfgA/0/da)
http://feedads.g.doubleclick.net/~at/UpHrFGTxbywosjc0Gdng3pSRfgA/1/di (http://feedads.g.doubleclick.net/~at/UpHrFGTxbywosjc0Gdng3pSRfgA/1/da)

http://feeds.feedburner.com/~ff/arstechnica/index?i=QcXvxPhsDrc:Y1wIXOHXV1w:V_sGLiPBpWU (http://feeds.arstechnica.com/~ff/arstechnica/index?a=QcXvxPhsDrc:Y1wIXOHXV1w:V_sGLiPBpWU) http://feeds.feedburner.com/~ff/arstechnica/index?i=QcXvxPhsDrc:Y1wIXOHXV1w:F7zBnMyn0Lo (http://feeds.arstechnica.com/~ff/arstechnica/index?a=QcXvxPhsDrc:Y1wIXOHXV1w:F7zBnMyn0Lo) http://feeds.feedburner.com/~ff/arstechnica/index?d=qj6IDK7rITs (http://feeds.arstechnica.com/~ff/arstechnica/index?a=QcXvxPhsDrc:Y1wIXOHXV1w:qj6IDK7rITs) http://feeds.feedburner.com/~ff/arstechnica/index?d=yIl2AUoC8zA (http://feeds.arstechnica.com/~ff/arstechnica/index?a=QcXvxPhsDrc:Y1wIXOHXV1w:yIl2AUoC8zA)
http://feeds.feedburner.com/~r/arstechnica/index/~4/QcXvxPhsDrc

More... (http://feeds.arstechnica.com/~r/arstechnica/index/~3/QcXvxPhsDrc/)