It's that time again folks, the hosting of the Pwn2Own hacking contest. This year has, for the first time, seen Google's Chrome browser fall almost immediately to two zero-day exploits, which had avoided discovery for the past three years.
The exploits make use of a use-after-free bug to bypass typical protections such as Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR), combined with a second exploit that allows execution of code outside the safety of the Chrome sandbox.

Though exact details of the hack were not revealed, it's strongly suspected to be via a bundled Adobe Flash plugin, surprise surprise, which requires a less stringent sandbox in order to function correctly.

The link for this article located at Hexus is no longer available.