Google patches WebKit flaw after Pwn2Own contest

Powered by SC Magazine
 

Rewards hack team.

Google has patched a vulnerability exploited by researchers at last week’s Pwn2Own hacking contest.

Even though Google Chrome was not hacked during the competition, the bug resided in WebKit - the rendering engine used by the browser.

WebKit is also featured in Apple’s Safari and the browser found on BlackBerry phones.

A team of researchers, including Willem Pinckaers, Vincenzo Iozzo and Ralf-Philipp Weinmann, hacked a BlackBerry Torch 9800 by exploiting the vulnerability.

On top of the US$15,000 they received for the BlackBerry hack, the researchers were handed US$1,337 from Google.

The update, in Google Chrome 10.0.648.133, only fixed the WebKit security issue.

The memory corruption bug was given a high priority ranking, but Google was not forthcoming on any additional details.

”Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix,” said Jason Kersey, from the Google Chrome team.

Google has handed out over US$100,000 as part of its Chromium Security Rewards programme.

This article originally appeared at itpro.co.uk

Copyright © ITPro, Dennis Publishing


Google patches WebKit flaw after Pwn2Own contest
 
Readers of this article also read...
 
 
Top Stories
Matching databases to Linux distros
Reviewed: OS-repository DBMSs, MariaDB vs MySQL.
 
Coalition's NBN cost-benefit study finds in favour of MTM
FTTP costs too much, would take too long.
 
Who'd have picked a BlackBerry for the Internet of Things?
[Blog] BlackBerry has a more secure future in the physical world.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Which is the most prevalent cyber attack method your organisation faces?




   |   View results
Phishing and social engineering
  71%
 
Advanced persistent threats
  3%
 
Unpatched or unsupported software vulnerabilities
  11%
 
Denial of service attacks
  6%
 
Insider threats
  10%
TOTAL VOTES: 769

Vote