
Google Chrome untouched at Pwn2Own hack match

No one takes up Google's $20,000 offer

Google's $20,000 is currently as safe at Pwn2Own as if it had been in the bank.

The search giant had promised to pay $20,000 to the first researcher who broke into Chrome on the hacking contest's opening day.

But no one took up Google's offer.

"The first contestant was a no-show," said Aaron Portnoy, manager of HP TippingPoint's security research team, and Pwn2Own's organiser. "And the other team wanted to work on their BlackBerry vulnerability. So it doesn't look like anyone will try Chrome."

Only two entries had pre-registered for Chrome: Moatz Khader and one or more researchers going as 'Team Anon'. (Researchers may remain anonymous if they wish.) Based on a random drawing several weeks ago, Khader was to get first shot, with Team Anon second.

Team Anon is also slated to tackle RIM's BlackBerry OS.

TippingPoint provided a tentative schedule for today's Pwn2Own; that schedule doesn't show any planned Chrome exploit.

Even if someone unexpectedly stepped up to take a crack at Chrome and exploited the browser, Google would be on the hook for just $10,000. As part of the deal it struck with TippingPoint, the two will split the $20,000 payment for a successful hack on the second or third days of the contest.

If Chrome comes out unscathed, as it now appears it will, the browser will have survived three consecutive Pwn2Owns, a record.

Researchers successfully exploited Safari and Internet Explorer. A team from French security company Vupen took down Safari 5 running on a MacBook Air notebook in five seconds, and independent researcher Stephen Fewer used a trio of vulnerabilities to hack IE8 on Windows 7.

Portnoy was impressed with Fewer's work. "The most impressive so far," said Portnoy. "He used three vulnerabilities to [not only] bypass ASLR and DEP, but also escape Protected Mode. That's something we've not seen at Pwn2Own before."

ASLR, which stands for address space layout randomisation, and DEP, or data execution prevention, are a pair of technologies baked into Windows that are designed to make it more difficult for exploits to execute reliably. Protected Mode is IE's 'sandbox', which isolates the browser - and thus any attack code that manages to infiltrate it - to keep it from escaping to do damage to the system as a whole.

Pwn2Own continues today and Friday, when Mozilla's Firefox and four smartphones running Apple's iOS, Google's Android, Microsoft's Windows 7 Phone and RIM's BlackBerry OS will be in researchers' crosshairs.
