Chrome Finally Breached in Google's $1 Million Hackathon [Security]

Source: http://gizmodo.com/5891508/chrome-finally-breached-in-googles-1-million-hackathon

Google recently offered up prizes totaling $1 million for those capable of exploiting its browser Chrome. Now, at Google's own competition called Pwnium, a student has walked away with one of the top prizes, earning $60,000 by hacking a PC running Chrome.

Chrome has featured in Pwn2Own—a security competition run by HP—for the last four years, but while the likes of Safari and Internet Explorer have crumbled, Google's browser has remained resolute.

Now, at Google's breakaway event Pwnium, Sergey Glazunov, a Russian university student, successfully hacked a PC running Google's Chrome browser to claim a $60,000 prize. ZDNet reports that he used a previously undiscovered exploit specific to chrome to bypass its "sandbox"—a restriction designed to stop hackers accessing the rest of a user's computer even if they do compromise the browser. Google security team member Justin Schuh has confirmed the hack on Twitter.

Simultaneously, at HP's Pwn2Own event, a security firm also hacked Chrome in five minutes. While all this means that Google can no longer tout Chrome's record of withstanding hacks, it does mean that the browser will get better. As part of the prize-giving system, all hackers have to disclose full details of their hack—so Google are definitely set to learn something. [ZDNet; Image: Pedro Miguel Sousa / Shutterstock]