nsane.forums Posted May 19, 2009 Share Posted May 19, 2009 Although remaining un-cracked at the last Pwn2Own, Google now says Chrome shared the same vulnerability as other browsers at the time.Google says this was not revealed then because, although Chrome's developers had actually mentioned the bug on the Google bug database the very day the competition took place they decided to backtrack and keep quiet about the problem out of consideration for the Apple Safari developers.The vulnerability itself was in WebKit, the open source rendering engine which is used both by Chrome and Safari. Larson says the problem is with WebKit's handling of SVGList objects and an exploit would require tricking the user into visiting a malicious web site. However the reason that Chrome proved more resilient during the contest was that it employs "sandbox" security to block system access. A successful exploit of the WebKit vulnerability would only allow an attacker to run code within the limits of the sandbox. Internet Explorer 7 & 8 running under Vista or the upcoming Windows 7 also utilize a sandbox defense. View: Original Article Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.