Posted by Anthony Checchia on Mon, Mar 12, 2012

Google’s web browser Chrome has been praised as one of the most secure web browsers available because of the security features built into it. One such feature is sandboxing, which lets a piece of code run in a restricted environment but does not allow it any I/O access, such as the ability to write to the hard disk. Sandboxing has played a huge part in making Chrome as secure as it is.
For three years Google participated in Pwn2Own, a competition to find security holes in popular web browsers, in the hope of learning whether there were any holes in Chrome that needed to be addressed. Pwn2Own has laptops set up running fully patched versions of Mac OS X and Windows 7 with Internet Explorer, Safari, Firefox and Chrome. Each year Chrome came through unscathed.
This year, though, Google opted not to take part in Pwn2Own and instead created its own competition, named Pwnium, where it offered contestants money for finding and exploiting security holes. At Pwnium a full exploit was discovered by Sergey Glazunov. The details of the exploit have not been released yet, but what is known is that Sergey managed to bypass the sandbox and gain full control of the computer using the access rights of the currently logged-on user. Google has quickly patched the hole and released the fix via Chrome’s automatic update feature.
I personally have to applaud the efforts of the software companies who take part in Pwn2Own, and Google with their Pwnium competition, in trying to make the web a safer place for everyone. If you’re reading this and have questions regarding security for your network, then contact us and find out how we can assist you.
