by a Thinker, Sailor, Blogger, Irreverent Guy from Madras

Google Chrome 25 fixes Pwn2Own exploit

Wow!  Just a few hours back Firefox released 19.0.2 to fix a security exploit showcased in Canwest Pwn2Own contest in Vancouver, Canada.  All the 3 major browsers, IE10, Google Chrome 25 and Firefox 19.0.1, were hacked - though in different ways.

Within hours (minutes ??) Google also released a bug fix update Chrome 25.  25.0.1364.160 for Windows, Mac, and Linux and fixes a Type confusion in WebKit.

As per MWR labs blog, they demonstrated a full sandbox bypass exploit against the latest stable version of the Google Chrome 25.0.1364.152  browser on a Windows 7 laptop.

MWR demonstrated that by visiting a malicious webpage,  it was possible to exploit a vulnerability, gain code execution in the sandboxed renderer process and bypass the sandbox with system privileges.

Again, this is a history of sorts.  Google Chrome fixing a browser within 24 hours of a security exploit disclosure.  So update to Google Chrome 25.0.1364.160, to close the breach.

Way to go Google and Mozilla.  Quick work.  Impressive!


No comments:

Post a Comment

Support - Donate

Your Blog is

Donate thro ECWID

Contact Form

Follow by Email