Insecure Candidates: Chrome Wins Hacking Contest

Mar 23, 2009

At the CanSecWest Vancouver 2009 conference's PWN2OWN hacker's competition the Safari, Internet Explorer 8 and Firefox browsers were successfully hacked to run code on their systems. The Chrome browser was recognized as being the least impacted by the hackers.

The two-day PWN2OWN competition had but one goal: hacking an application as fast as possible to run code in it. The hacker contest is a feature of the annual CanSecWest conference, this year in Vancouver March 16-20, where standard PCs and Macs are subjected to vulnerabilities using the current version of the targeted software containing all the newest security updates. This year the hackers were to hack four fully patched browsers and five mobile devices. While the mobile devices remained "unscathed," almost all browsers failed the test in one way or another.

In less than 10 seconds Charlie Miller could open his MacBook with Safari and promptly won the $5,000 Zero Day Initiative prize. After jury members clicked a specially prepared link, Miller could control the system through an undocumented security hole.

Internet Explorer 8 was the next victim (ironically almost parallel to its official start in Las Vegas) to follow the MacBook pattern. A hacker named simply Nils used an undocumented vulnerability to control the Windows 7 subsystem and won another $5,00 prize from ZDI. He also exploited the first known security hole of IE8. Just earlier Microsoft's Dean Hachamovitch in his talk had praised the high security standards of IE8 with its Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protection technologies.

Twice again Nils pulled off victories. First was a Safari exploit that won him another $5,000. Secondly, the Firefox competition didn't escape his schadenfreude and he won another prize through a zero day exploit: altogether $15,000 for Nils.

Uncontested winner of the day was Google's Chrome browser, even though Charlie Miller did find a vulnerability that he later admitted his sandbox prevented him from carrying out. Details of the vulnerabilities unfortunately weren't given out: the TippingPoint DVLabs host of the conference pretty much buys the discretion of the hackers through its prize money, but will pass things on to the browser manufacturers.

Related content

  • Pwn2Own and Pwnium 3 Details Announced – Competitions Offer Big Bucks for Hacking Skills

    HP’s Zero Day Initiative (ZDI) announces details for the annual Pwn2Own competition.

  • Hacker-Powered Security

    Mårten Mickos is one of the most respected members of the open source world. The former CEO of MySQL AB during its prime now serves as the CEO of HackerOne, a vulnerability coordination and bug bounty platform. I sat down with Mickos to understand HackerOne's purpose and his perspective on the security of open source software.

  • Linux Chrome with Gtk+: Cross-Platform Complication

    If Google were to use Qt, things would be much simpler and Chrome would have a unified interface under Windows, Linux and Mac OS X. But Google isn't satisfied with Qt.

  • News

    GitHub offers free private repositories, Linus Torvalds welcomes 2019 with Linux 5, SQLite database vulnerable, hacks abound, Kubernetes vulnerability found and fixed, and Dolphin announces new switch for composable architectures. 

  • Chrome Browser Overtakes Apple Safari Per Net Applications

    If the newest statistics from Net Applications are to be believed, Google's Chrome browser has surpassed in market share Apple's KHTML engine-based Safari browser in December 2009 by a few tenths of a percentage point.


  • Opera

    I would have liked to see how Opera stacked up in this contest. The Chrome vs. Opera argument is a vailid one.
comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More