Chrome 33 Code Execution Flaws Discovered by Vupen and Anonymous Researcher Fixed

Posted on April 03, 2014 by .

Share and Enjoy:
Follow Me on Pinterest More More

From time to time there are flaws and vulnerabilities found without popular software by researchers who do a favor to the company who developed the effected application. One of the recent discoveries made of a flaw was found within Google Chrome version 33 where contestants at Pwn2Own2014 where a flaw was found even after Google updated Chrome with a fix to address 7 security holes.

Experts from Vupen and an anonymous researcher were able to find vulnerabilities that could be exploited for code execution within the latest Google Chrome build. Basically, Chrome was broke with two exploits where one was a memory corruption and the other was where malicious code could be executed outside the sandbox.

During the Pwn2Own2014 competition one of the experts who broke Chrome was awarded with $60,000 for the findings. Vupen, who broke Chrome also, collectively walked away with $850,000 in prize money for their findings while the Chrome code execution found outside a sandbox was a feat that granted them $100,000 of that total prize.

“We’re delighted at the success of Pwn2Own and the ability to study full exploits. We anticipate landing additional changes and hardening measures for these vulnerabilities in the near future,” said Anthony Laforge, technical program manager at Google Chrome.

Conferences like the Pwn2Own2014 have more of a purpose than simply breaking software and finding flaws with in it. In the case of Chrome being broken, it gave Google a chance to address the issues directly by fixing the flaws and potentially making Chrome more of a secure product.

Popularity: 2%


Leave a Reply

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word