“On March 5, the protection was added to Google Chrome 17.0.963.65. ![]() According to ZDNet, Google set the exploit trap for the Vupen security team. Chrome security folks crafted the signature 0xABAD1DEA to be generated when the Flash vulnerability was triggered. That money was well earned by the Chrome security team who must have expected Vupen to attempt exploiting the Flash Player plugin in Chrome. ![]() Pwnium called French security firm Vupen’s Flash pwn a “consolation prize.” This left $880,000 of cash prizes remaining which will now be “distributed to the Chrome Security Team.” Unlike last year when nobody tried to topple Chrome, Google set up big, juicy prize money for Pwnium and then paid out two $60,000 cash awards to two hackers and managed to patch the vulnerabilities in a turnaround time of less than 24 hours. Oddly enough, the only browser that survived pwn-fest shame was Safari - but that’s surely because nobody attempted to take it on. During the three-day CanSecWest security conference in Canada, the four browser targets for Pwn2Own were Microsoft Internet Explorer, Apple Safari, Google Chrome and Mozilla Firefox, all of which were running “the latest, fully patched version of either Windows 7 or Lion.” The rules for Pwn2Own changed this year “from who can hack a browser faster, as it was in previous editions, to who can write the highest number of reliable exploits.” Another huge change was that Google had its own $1 million Pwnium contest.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |