Google Chrome vulnerability research: Stakes, threats and patches for users in October 2012
As part of its ongoing effort to reward exceptional vulnerability research in the security community, Google hosted the Pwnium 2 competition at Hack in the Box 2012 in Kuala Lumpur at the beginning of October 2012.
Findings: Google received a valid exploit from returning pwner, Pinkie Pie. This pwn relies on a WebKit Scalable Vector Graphics (SVG) compromise to exploit the renderer process and a second bug in the IPC layer to escape the Chrome sandbox. Since this exploit depends entirely on bugs within Chrome to achieve code execution.
After this breakthrough, Google shipped a freshly patched version of Chrome to users.