Money may not be able to buy happiness, but it sure can buy a lot of other things. Google has recently been exploiting this fact by using it to buy hackers, essentially. After offering $1 million in prizes to potential hackers as a part of their Pwnium contest, Google is going to have to pay up, about which I’m sure they’re happy. On the very first day, Russian University student Sergey Glazunov cracked Chrome wide open, snagging a $60,000 prize, marking the first time Chrome has been hacked in a public competition. He wasn’t the only one to pull it off either.
Along with Glazunov, a team from VUPEN security also managed to hack Chrome into doing some things it’s not supposed to do, within the first 5 minutes of the competition. It looks like the money attracted some real talent. Obviously, the details of the hacks aren’t exactly open to the public, but we do know a little bit about the severity.
Glazunov’s hack, in particularly, is a biggie. First of all, he took home the largest prize, reserved for really crazy exploits, so you can infer a lot from that. According to ZDNet, the hack allowed Glazunov to bypass Chrome’s “sandbox”, which aims to make sure hackers can’t come in through Chrome and escape into the user’s system. This is exactly what Glazunov managed to do. He’s now $60,000 richer and Chrome is soon to be that much more secure.
The downside for Google here is that they can no longer talk about how Google Chrome has remained unbreached contest after contest. On the other hand, they’ll probably be increasing their security by leaps and bounds, and considering the kind of money they’ve been waving around, I think it’s safe to say that was their primary goal. You can keep an eye on the contests as it proceeds here. And remember all you script kiddies out there, it may be more work, but it’s better to really learn the trade, because then you can go legit and make bank.
(via Forbes)
- More details on the Google Pwnium competition
- This is pretty important, Chrome is very widely used
- And it’s finally coming to Android!
