Chrome Finally Hacked, but Now it is Safe Again!
Up until very recently (yesterday as I write this) Chrome had NOT been successfully hacked. Well, now Sergey Glaznov has successfully hacked it, but it is already patched for his hack! This is due to his winning a Google sponsored challenge to “pwn” their browser… but…
After the pwnage: Critical Google Chrome hole plugged in 24 hours
“Less than 24 hours after a Russian hacker pocketed $60,000 by exploiting a previously unknown critical vulnerability in Google Chrome, company developers released an update removing the security threat.
The quick turnaround underscores one of the key advantages of Google’s open-source browser: the speed in which highly complex bugs are fixed and updates are pushed out to users. By contrast, Microsoft, which must run updates through a battery of rigorous quality-assurance tests, often takes months to fix bugs of similar complexity.
A post published Thursday morning to the Google Chrome Release blog said technical details will be withheld until a majority of users have actually installed the fix. For now, it described the vulnerability as an ‘UXSS and bad history navigation’ issue and identified it as CVE-2011-3046.
Even after a more detailed description is published, it’s likely some characteristics will be withheld. Chrome is based on the WebKit, the same browser engine powering Apple Safari and many mobile browsers. Google researchers will likely be reluctant to provide information making it easier for hackers to compromise users of those systems until they’ve been updated as well.”