Teenager cracks Chrome again

Updated: A teenage hacker has launched a successful full exploit against Google Chrome at the HackInTheBox conference in Malaysia.

The exploit, now confirmed by Google’s US headquarters, earned the teenage hacker known as Pinkie Pie the top US$60,000 cash reward during Google’s Pwnium 2 event yesterday afternoon.

Google engineer Chris Evans said the attack targeted  two vulnerabilities. One exploited  the Scalable Vector Graphics function in Chrome's WebKit that led to compromise of the rendering process. The second bug affected the IPC layer to escape the Chrome sandbox.

It took Google only 10 hours to release a patch for the holes.

The company will give away up to a total of US$2 million during the event.

• $60,000 - “Full Chrome exploit”: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.

• $40,000 - “Partial Chrome exploit”: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.

• $20,000 - “Consolation reward, Flash / Windows / other”: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. 

It will be the second time Pinkie Pie has scored the lucrative top prize. In March this year he strung together six vulnerabilities to escape the Chrome sandbox during the CanSecWest Pwnium event.

That exploit was done on an updated Windows 7 64bit machine and only required normal user web browsing.

Google dedicates three teams to exploits uncovered during Pwnium and can have a patch ready within 24 hours.

It formed Pwnium after pulling out of the pwn2own competition which did not require entrants to reveal information on their exploits.

Copyright © SC Magazine, Australia