NEWS - March 12, 2012
by Carol~ - 3/12/12 8:42 AM
Google Fixes Second Set of Chrome Bugs Used in Pwnium Contest
Google has pushed out a patch for the second full sandbox escape exploit used in the Pwnium contest at CanSecWest. The Chrome vulnerabilities that the exploit targeted were discovered by an anonymous researcher who used the name PinkiePie and claimed a $60,000 reward from Google.
The attack that the researcher used included three separate vulnerabilities which he was able to string together to compromise Chrome. The researcher did not use his real name, but Google security officials at the conference said that they knew who he was and that he was well-respected in the security community. He had been working on the attack for a while and Google officials were unsure whether he'd be able to complete before the Pwnium contest ended Friday afternoon.
The contest was created as a rival to the Pwn2Own contest at CanSecWest, which as been running for several years. Google officials said they were happy with the results of Pwnium, which attracted two full sandbox escapes in Chrome, and the contest could end up being expanded in future years.
Continued : http://threatpost.com/en_us/blogs/google-fixes-second-set-chrome-bugs-used-pwnium-contest-031212
Pwn2Own ends with three browsers felled - Update
Teen exploits three 0-days to hack Chrome, earns $60K from Google
See Vulnerabilities / Fixes: Google Chrome Three Unspecified Code Execution Vulnerabilities