TweakTown
Tech content trusted by users in North America and around the world
6,135 Reviews & Articles | 39,414 News Posts

Researchers exploit Chrome at Pwn2Own, receive $100,000 prize

Google Chrome was exploited by researchers at Pwn2Own, researchers won $100,000 prize

| Hacking & Security News | Posted: Mar 8, 2013 12:03 am

At the Pwn2Own hacking competition currently running in Vancouver, Canada, two security researchers from MWR Labs have managed to exploit Google Chrome. As a result of this impressive feat, they have been awarded a $100,000 prize. The exploit relied on a bug in Chrome as well as a bug in the kernel of Windows 7.

 

TweakTown image news/2/8/28970_1_researchers_exploit_chrome_at_pwn2own_receive_100_000_prize.jpg

 

By visiting a malicious webpage, users could be susceptible to the exploit, even if they are running fully patched software. The exploit allowed the researchers to run code in the sandboxed renderer process. They then utilized a kernel exploit in Windows 7, which granted them elevated privileges.

 

We were able to exploit the first vulnerability in multiple ways, allowing us to leak the addresses of several objects in memory, calculate the base address of certain system dlls, read arbitrary data, and gain code execution. This allowed us to bypass ALSR by leaking the base address of a dll, and to bypass DEP by reading that dll's .text segment into a javascript string, allowing us to dynamically calculate the addresses of ROP gadgets.

 

MWR Labs will not release details on the exploit until the vendors have a chance to patch the vulnerabilities. Chrome is generally seen as the most secure and was picked because of its wide use and perceived security.

NEWS SOURCES:News.cnet.com

Related Tags

Further Reading: Read and find more Hacking & Security news at our Hacking & Security news index page.

Do you get our news RSS feed? Get It!

Got an opinion on this news? Post a comment below!

Latest Tech News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases