Quantcast
Channel: Kickboxer Is Amazing
Viewing all articles
Browse latest Browse all 10

Google fixes Chrome vulnerabilities exploited at Pwn2Own hacking contest

0
0

November 15, 2013

By Lucian Constantin | IDG News Service

Google released emergency security updates for Chrome in order to patch critical vulnerabilities demonstrated Thursday by a security researcher at the Mobile Pwn2Own hacking competition.

The vulnerabilities were exploited by a security researcher who uses the pseudonym Pinkie Pie to achieve arbitrary code execution on a Nexus 4 and a Samsung Galaxy S4 device, earning him a prize of $50,000 in the contest.

[ InfoWorld's expert contributors show you how to secure your Web browsers in a free PDF guide. Download it today! | Learn how to protect your systems with Roger Grimes' Security Adviser blog and Security Central newsletter, both from InfoWorld. ]

Following Pinkie Pie’s demonstration, the vulnerabilities were reported to Google, which took less than a day to fix them and push out new patches.

Even though the researcher demonstrated his exploit on Chrome for Android, Google also fixed the vulnerabilities in Chrome for Windows, Mac and Linux, as well as in Chrome Frame plug-in for Internet Explorer.

Google describes the vulnerabilities only as “multiple memory corruption issues,” but the Pwn2Own contest organizers said Pinkie Pie’s attack exploited an integer overflow and a separate vulnerability that allowed for a full sandbox escape.

Google Chrome’s application sandbox separates the browser’s processes from the operating system, making it difficult to achieve arbitrary code execution. Pinkie Pie demonstrated Chrome sandbox escape exploits before in 2012, as part of Google’s own Pwnium contests.

Google released version 31.0.1650.57 of Chrome for Windows, Mac and Linux; Chrome Frame 31.0.1650.57 and Chrome for Android version 31.0.1650.59 to address the vulnerabilities.

In addition to fixing security and stability issues, the new version of Chrome for Android adds support for printing on Android KitKat devices and enhances autofill on websites that support requestAutocomplete, Google said in the release notes.

Source: http://akamai.infoworld.com/d/security/google-fixes-chrome-vulnerabilities-exploited-pwn2own-hacking-contest-230948?source=rss_applications
Related Topics: nfl   nyc marathon   National Cheeseburger Day   twin towers   Ariel Castro  


Viewing all articles
Browse latest Browse all 10

Latest Images

Trending Articles





Latest Images