Google Chrome Got Pwned

Google has always cared about the security of your web browsing in Chrome. They’ve even dared the public to try and crack their browser in a contest. After years of unsuccessful attempts, this week at an IT security conference in our hometown of Vancouver, hackers got in. Chrome got pwned* — for the first time! Twice.

This isn’t cause for alarm. The world isn’t ending and all of your personal info is not going to get stolen—at least by hackers. Google Chrome still is the most secure browser you’ll find. Use it, please!

Surprisingly, the first exploit happened within the first 5 minutes of the contest. A group of Vupen Security members showed off an unknown vulnerability. Chrome’s sandbox protection got blown right open! The team had made a webpage using code that bypassed all security protections, even though Chrome was fully updated. A hacker could literally do whatever they wanted on your machine. Fun!

The exploit was impressive, and earned a $60K prize. Google staff are now busy patching up the hole! They’ve always been open to public input though. The company may employ the best of the best, but some of the best just may be one of you. If you find a hole, they want to know—and they’ll reward you for it!

I think the interesting thing to think about here is that Google used to sponsor Pwn2Own. It decided not to this year and to hold its own competition—Pwnium—so that participants didn’t have to reveal their methods publicly.

Google may want all of your info (to serve you better, remember?) but they definitely don’t want anyone else getting their hands on it either.

The Pwnium competition awards up to $1 million to those who can find security holes in Chrome:

  • First prize: $60,000
    “Chrome/Windows7 local OS user account persistence using only bugs in Chrome itself.”
  • Second prize: $40,000
    Target Chrome with one of its own bugs or any others in the OS.
  • Third prize: $20,000
    Find issues with Chrome without using any bugs.

I don’t feel any less secure using Chrome, but I will say that I’m a bit unnerved. It’s just showing that the battle between cybercriminals and those that oppose them is neck and neck. These days we’re past anti-virus. Advanced threat protection is what you need. How protected are you?


*the term pwned is slang for owned—originating most likely from a common typo and subsequently carried further…for those of you who might think I don’t know how to spell!

Scott Cornell

When he’s not knee-deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to the ground for breaking news related to IT security.