Well, I guess Google Chrome isn’t impenetrable after all. A total of $1 million in prizes was recently offered by Google to anyone who could exploit the Chrome browser and, for the most part, people failed. That has now changed. At the Google Pwnium hackathon, a Russian university student has been able to hack his way through the cloud OS and earn himself the top prize.
Sergey Glazunov is now $60,000 richer for having successfully hacked a PC running the Chrome browser. What has prevented earlier attempts is that Chrome has something called a “sandbox” that is designed to stop hackers from accessing user data even if they compromise the browser. Glazunov found an exploit to get around that, bypassing the security and successfully hacking into the PC.
As part of the competition, all successful hackers must tell Google how they did it, effectively giving Google the opportunity to patch up the security flaw before real hackers take advantage of it in real life. Interestingly, a security firm also hacked Chrome at HP’s Pwn2Own event, doing so in just five minutes. Chrome is still pretty secure, but this does show that it’s not invincible.