Tech content trusted by users in North America and around the world
6,794 Reviews & Articles | 46,930 News Posts
TRENDING NOW: AMD rumored to launch its dual-GPU next month, the Radeon R9 Fury X2

Researchers exploit Chrome at Pwn2Own, receive $100,000 prize

Google Chrome was exploited by researchers at Pwn2Own, researchers won $100,000 prize
| Hacking & Security News | Posted: Mar 8, 2013 12:03 am

At the Pwn2Own hacking competition currently running in Vancouver, Canada, two security researchers from MWR Labs have managed to exploit Google Chrome. As a result of this impressive feat, they have been awarded a $100,000 prize. The exploit relied on a bug in Chrome as well as a bug in the kernel of Windows 7.




By visiting a malicious webpage, users could be susceptible to the exploit, even if they are running fully patched software. The exploit allowed the researchers to run code in the sandboxed renderer process. They then utilized a kernel exploit in Windows 7, which granted them elevated privileges.


We were able to exploit the first vulnerability in multiple ways, allowing us to leak the addresses of several objects in memory, calculate the base address of certain system dlls, read arbitrary data, and gain code execution. This allowed us to bypass ALSR by leaking the base address of a dll, and to bypass DEP by reading that dll's .text segment into a javascript string, allowing us to dynamically calculate the addresses of ROP gadgets.


MWR Labs will not release details on the exploit until the vendors have a chance to patch the vulnerabilities. Chrome is generally seen as the most secure and was picked because of its wide use and perceived security.


Related Tags

Got an opinion on this news? Post a comment below!
Subscribe to our Newsletter

Latest News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases