Google Chrome, the world's third-most popular web browser, has been hacked, it has emerged.
The hack followed previous unsuccessful attempts to compromise Chrome, most recently in the 2011 Pwn2Own computer hacking contest. It was carried out by Vupen, a French security firm, which directed the browser to a specifically-coded website.
Detailed information on the Google Chrome vulnerabilities that allowed the hack to be achieved has not been released, in line with Vupen's own trading terms, but video footage of it has.
The hack employed an advanced zero-day exploit that could get past Chrome's sandbox and other security measures and was compatible with both 64- and 32-bit Windows operating systems.
‘We are (un)happy to announce that we have officially Pwnd Google Chrome and its sandbox', Vupen confirmed in an online statement on the Google Chrome hack published on 9 May 2011.
Describing the exploit as ‘one of the most sophisticated codes we have seen and created', the statement concluded: ‘This code and the technical details of the underlying vulnerabilities will not be publicly disclosed. They are shared exclusively with our Government customers as part of our vulnerability research services.'
Google Chrome was launched at the end of 2008 and comes third to Internet Explorer and Firefox in terms of global user popularity. The strength of its sandbox technology has stopped any other source from being able to carry out a Chrome browser hack.
Pwn2Own is an annual computer hacking contest held since 2007. Participants are tasked with trying to exploit software, including web browsers. The most recent took place between 9-11 March and the software included Google Chrome. Google actually offered $20,000, on top of the main prize, to anyone that could compromise Chrome but both it and Mozilla Firefox were ultimately impenetrable.
"We're unable to verify Vupen's claims at this time as we have not received any details from them", a representative for Google told Computerworld. "Should any modifications become necessary, users will be automatically updated to the latest version of Chrome."
See also:
Companies supplying Internet Security
0 comments:
Post a Comment