Menu
Google fixes Chrome vulnerabilities exploited at Pwn2Own contest

Google fixes Chrome vulnerabilities exploited at Pwn2Own contest

New versions of Chrome for Windows, Mac, Linux and Android patch a full sandbox escape vulnerability

Google released emergency security updates for Chrome in order to patch critical vulnerabilities demonstrated Thursday by a security researcher at the Mobile Pwn2Own hacking competition.

The vulnerabilities were exploited by a security researcher who uses the pseudonym Pinkie Pie to achieve arbitrary code execution on a Nexus 4 and a Samsung Galaxy S4 device, earning him a prize of US$50,000 in the contest.

Following Pinkie Pie's demonstration, the vulnerabilities were reported to Google, which took less than a day to fix them and push out new patches.

Even though the researcher demonstrated his exploit on Chrome for Android, Google also fixed the vulnerabilities in Chrome for Windows, Mac and Linux, as well as in Chrome Frame plug-in for Internet Explorer.

Google describes the vulnerabilities only as "multiple memory corruption issues," but the Pwn2Own contest organizers said Pinkie Pie's attack exploited an integer overflow and a separate vulnerability that allowed for a full sandbox escape.

Google Chrome's application sandbox separates the browser's processes from the operating system, making it difficult to achieve arbitrary code execution. Pinkie Pie demonstrated Chrome sandbox escape exploits before in 2012, as part of Google's own Pwnium contests.

Google released version 31.0.1650.57 of Chrome for Windows, Mac and Linux; Chrome Frame 31.0.1650.57 and Chrome for Android version 31.0.1650.59 to address the vulnerabilities.

In addition to fixing security and stability issues, the new version of Chrome for Android adds support for printing on Android KitKat devices and enhances autofill on websites that support requestAutocomplete, Google said in the release notes.


Follow Us

Join the newsletter!

Error: Please check your email address.

Tags patchesapplicationsGooglesecuritybrowserspatch managementsoftwareExploits / vulnerabilities

Featured

Slideshows

Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP honoured leading partners across the channel at the Partner Awards 2017 in New Zealand, recognising excellence across the entire print and personal systems portfolio.

Meet the top performing HP partners in NZ
Tech industry comes together as Lexel celebrates turning 30

Tech industry comes together as Lexel celebrates turning 30

Leading figures within the technology industry across New Zealand came together to celebrate 30 years of success for Lexel Systems, at a milestone birthday occasion at St Matthews in the City.​

Tech industry comes together as Lexel celebrates turning 30
HP re-imagines education through Auckland event launch

HP re-imagines education through Auckland event launch

HP New Zealand held an inaugural Evolve Education event at Aotea Centre in Auckland, welcoming over 70 principals, teachers and education experts to explore ways of shaping and enhancing learning using technology.

HP re-imagines education through Auckland event launch
Show Comments