Annual Hacker Competition sees researchers target Chrome
Source: Hexus - Posted by Anthony Pell   
Vendors/Products It's that time again folks, the hosting of the Pwn2Own hacking contest. This year has, for the first time, seen Google's Chrome browser fall almost immediately to two zero-day exploits, which had avoided discovery for the past three years. The exploits make use of a use-after-free bug to bypass typical protection such as Data Execution Prevision (DEP) and Address Space Layout Randomization (ASLR), combined with a second exploit that allows execution of code, outside the safety of the Chrome sandbox.

Though exact details of the hack were not revealed, it's strongly suspected to be via a bundled Adobe Flash plugin, surprise surprise, which to function correctly requires a less stringent sandbox to run in.

Read this full article at Hexus

Only registered users can write comments.
Please login or register.

Powered by AkoComment!