Thursday, March 10, 2011

Google Chrome updated, not challenged at PWN2OWN 2011

Tuesday, Google updated several vulnerabilities a day before the PWN2OWN hacker's challenge.  In the update, Google paid out over $16,000 to researchers who found vulnerabilities/bugs within Chrome.  Makes you wonder why Microsoft refuses to pay people to find bugs in its software, doesn't it?

According to ComputerWorld, in an interview with Peter Vreugdenhil of HP TippingPoint (sponsor of PWN2OWN 2011), the systems being tested (computers and their OSs and browsers) were frozen two weeks ago, so these last minute patches issued by Google, Mozilla and Apple don't actually apply.

Turns out both Safari and IE were hacked; Chrome wasn't; no word on Firefox.  More telling, was that four contestants signed up to try to hack Safari; three signed up for IE; TippingPoint's blog says that there were two contestants signed up for both Firefox and Chrome, though other reports indicate there was only one person who signed up for Chrome -- the person didn't show up.

Google even offered an additional $20,000 for anyone that could find and exploit holes in Google-written code in Chrome (to break out of Chrome's sandbox).  Up next for days two and three of PWN2OWN, $10,000 for anyone that can break Chrome's sandbox from within non-Google written code.

Could be, that Chrome gets through PWN2OWN without even a challenge, just like last year; three years in a row that no one claims the prize against Chrome?

By the way, did anyone notice that it's been nearly 3 years since Microsoft introduced IE8 and the recently announced final release of IE9 next week?  That's a very long time between updates on major features!

No comments: