Chrome Patch Corrects Pwnium Security Flaws
Google has releasd an advisory patching security holes exploited by a Russian university student as part of this year's Pwnium hacker challenge.
Russian university student Glazunov hacked into a fully patched Windows 7 machine with a pair of Chrome zero-day flaws as part of this year's Pwnium hacker challenge. he Chrome's engineers have responed immediately with the
updated v17.0.963.78 of the browser released today for Windows, Mac, Linux and Chrome Frame.
The release fixes issues with Flash games and videos, along with the security fix related to "UXSS and bad history navigation", according to Google.
Glazunov was awarded $60,000 by Google for the successful hack of the Chrome, at this year's Pwnium hacker challenge.
Glazunov's exploit also bypassed the Chrome sandbox to execute code with full permissions of the logged on user.
The Google browser was also popped by a hacking team from VUPEN and there's speculation that a vulnerability in the Flash Player plugin was exploited in that attack. The Flash Player plugin in Chrome runs in a weaker sandbox than the full browser.
The release fixes issues with Flash games and videos, along with the security fix related to "UXSS and bad history navigation", according to Google.
Glazunov was awarded $60,000 by Google for the successful hack of the Chrome, at this year's Pwnium hacker challenge.
Glazunov's exploit also bypassed the Chrome sandbox to execute code with full permissions of the logged on user.
The Google browser was also popped by a hacking team from VUPEN and there's speculation that a vulnerability in the Flash Player plugin was exploited in that attack. The Flash Player plugin in Chrome runs in a weaker sandbox than the full browser.
