Google pwns: Chrome goes untouched at hacking confab
For a third straight year, Google's Chrome browser has gone unhacked at a yearly event aimed at exposing the security flaws of today's modern browsers. The Mountain View, Calif. search company put its money where its mouth was too: last month it offered $20,000 to the first team able to hack the company's browser.
Pwn2Own is part of the CanSecWest security conference, held yearly by HP TippingPoint. Contestants are tasked with hacking each of the major browsers -- Internet Explorer, Firefox, Safari, and Chrome -- and the first teams to do so not only win a $15,000 cash prize but also the computer they hacked the browser on.
With only one day left in the contest, nobody had successfully taken on the browser. According to contest organizer and HP TippingPoint security research team manager Aaron Portnoy, the first team was a no-show, while the only other team decided to work on a BlackBerry exploit instead.
"It doesn't look like anyone will try Chrome," Portnoy told Computerworld. While hackers may still yet register to attempt in the contest's closing days, it does not appear at this time that anyone would come forward. If they do, Google would only need to pony up a $10,000 bonus, as the hack needed to be completed on the first day for the full prize.
Cracking Chrome might have proved too difficult. The browser uses what is called a "sandbox," which isolates system processes. In order for a crack to be successful, first the sandbox must be cracked, and then the exploit code itself executed. Hackers may have seen this as too time intensive, opting instead to attempt easier hacks.
Other browsers were not as lucky. Internet Explorer and Safari were both hacked rather easily on Wednesday. Safari was hacked in a matter of seconds using an unpatched flaw -- even after a security update had been released hours before the contest -- and Internet Explorer was taken down by a trio of hacks.
Hackers were scheduled to attempt to take on Firefox Thursday, organizers said. Also on the agenda are hacking attempts to several mobile browsers, including iOS, Android, Windows Phone 7, and BlackBerry OS.