Jump to content
Reliance Jio & Reliance Mobile Discussion Forums
Honest

Hack Chrome, Win A Million Dollars!

Recommended Posts

Hack Chrome, Win A Million Dollars!

Google boasts of its browser's security with a high stakes challenge

Thumb-Chrome-Hack.jpg

Google has put up $1 million as prize money for anyone who can find a security flaw in its Chrome web browser. This is fifty times the amount it offered last year for the same, in the Pwn2Own hacking competition, held at the CanSecWest security conference. However, this competition is not related to Pwn2Own, where hackers reveal exploits and security bugs in operating systems and web browsers.

While the search giant will pay out as much as a million dollars if security loopholes are found, it also states that hackers will have to reveal quite a few exploits to claim that huge a bounty. The contest has been divided into three categories and the prize money varies as below:

  • $60,000 - Full Chrome exploit: Chrome / Win7 local OS user account persistence using only bugs in Chrome itself.
  • $40,000 - Partial Chrome exploit: Chrome / Win7 local OS user account persistence using at least one bug in Chrome itself, plus other bugs. For example, a WebKit bug combined with a Windows sandbox bug.
  • $20,000 - Consolation reward, Flash / Windows / other: Chrome / Win7 local OS user account persistence that does not use bugs in Chrome. For example, bugs in one or more of Flash, Windows or a driver. These exploits are not specific to Chrome and will be a threat to users of any web browser. Although not specifically Chrome's issue, we've [sic] decided to offer consolation prizes because these findings still help us toward our mission of making the entire web safer.

Multiple rewards will be given per category, on a first-come-first-served basis. The set of exploit bugs need to be "reliable, fully functional end to end, disjoint, of critical impact, present in the latest versions and genuinely 0-day". The exploits must not be submitted elsewhere before they are submitted to Google. The company will also be giving away Chromebooks to all the winners.

Courtesy : Techtree

Thanks to Jayesh Limaye

Share this post


Link to post
Share on other sites

Hum mein se kaun part le raha hai.

Kapil Google is calling you

Share this post


Link to post
Share on other sites

Parin bhai are you referring to me ??? I don't think so...

Share this post


Link to post
Share on other sites

Maybe google can help us..Let's try searching "Full Chrome exploit, how to"..:) :) :Sorprendido: :smartass:

  • Like 2

Share this post


Link to post
Share on other sites

^^^

Ha ha ha......sahi hai Patel Sahab. :)

Share this post


Link to post
Share on other sites

Couple of hackers able to hack chrome. they found a bug in chrome's native code and exploited it.

Source

At hacking contest, Google Chrome falls to third zero-day attack

chome_slayed_by_pink_pony-4f5a938-intro-thumb-640xauto-31402.jpg

"These kinds of things are finicky." Within seconds of this machine visiting a booby-trapped website, it was commandeered by a remote-code attack that exploited a fully patched version of Chrome.

Google's Chrome browser on Friday fell to a zero-day attack that pierced its vaunted security sandbox, the third such attack in as many days at a contest designed to test its resistance to real-world threats.

A teenage hacker who identified himself only as PinkiePie said he spent the past week and half working on the attack. It combined three previously unknown vulnerabilities to gain full system access to a Dell Inspiron laptop that ran a fully patched version of Chrome on top of the most up-to-date version of Windows 7. He spent the past three days holed up in hotel rooms and conference areas refining attack so it would break out of the sandbox, which was designed to prevent code-execution attacks like his, even when security bugs are identified.

"These kinds of things are finicky" PinkiePie told reporters as he finished a blueberry yogurt just minutes after making his booby-trapped website display a picture of a pink pony wielding a medieval axe. He said he "got lucky" because he found a way to break out of Google's sandbox relatively early and then spent the rest of the time identifying vulnerabilities that allowed him to remotely funnel code through the system.

PinkiePie said all three of the vulnerabilities resided in code that's native to Chrome. A Chrome security researcher, who asked not to be named because he wasn't authorized to speak to reporters, said his colleagues in Mountain View, California, were already analyzing the exploit and vulnerability details to confirm that account. If it pans out, the hack will qualify for a $60,000 prize, the top reward for the Pwnium contest Google is sponsoring at the CanSecWest conference in Vancouver.

Google is offering prizes of $60,000, $40,000 and $20,000 under the competition in an attempt to learn new strategies for fortifying Chrome against attacks that expose sensitive user data or take control of user machines.

PinkiePie is only the second contestant to enter the contest. Both have demonstrated attacks that allowed them to take control of Chrome users' machines when they do nothing more than browse to an attack site.

On Wednesday, a Russian researcher named Sergey Glaznov bundled two vulnerabilities into his own remote code-execution attack. Less than 24 hours later, Google shipped an update fixing the holes. At the separate Pwn2Own contest a few feet away, a team of researchers successfully exploited Chrome on Wednesday, but it's now almost certain that attack relied on Adobe Flash to break out of the safety perimeter.

The five vulnerabilities exposed during the third and final day of the contest are miniscule compared to the overall number of bugs Chrome's security team fixes each year. A member of the team said the value of Pwnium isn't in the number of bugs that come to light, but rather in the insights that come from watching how a reliable exploit is able to slip through carefully crafted defenses.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×