nsane.forums Posted March 13, 2012 Share Posted March 13, 2012 Google is withholding technical details of the vulnerabilities and exploit technique, which has been described as “a beautiful piece of work.” Google has wasted no time fixing the security vulnerabilities exploited during last week’s CanSecWest Pwnium hacker contest. The company shipped Chrome version 17.0.963.79 on (Windows, Mac, Linux and Chrome Frame) as a “critical” update and confirmed the $60,000 cash award to the researcher who asked to be identified only as PinkiePie. Google is withholding technical details of the vulnerabilities and exploit technique, which has been described as “a beautiful piece of work.”[Like a b-b-b-b-boss!!! $60,000] [117620] [117656] Critical CVE-2011-3047: Errant plug-in load and GPU process memory corruption. Credit to PinkiePie.During the contest, PwniePie told me he exploited three different Chrome vulnerabilities but Google’s advisory on the fix only lists two bugs and a solitary CVE identification. PinkiePie’s submissions followed a similar drive-by download/code execution issue that won Russian researcher Sergey Glazunov the maximum $60,000 award. Both hacks included a full bypass of the Chrome sandbox. Google’s Jason Kersey said the two Pwnium vulnerability submissions are “works of art that deserve wider sharing and recognition.” “We plan to do technical reports on both Pwnium submissions in the future,” Kersey said. A third Chrome hack, believed to be linked to the Flash Player plugin, remains unpatched. View: Original Article Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.