Google Chrome 25 fixes Pwn2Own exploit

Wow!  Just a few hours back Firefox released 19.0.2 to fix a security exploit showcased in Canwest Pwn2Own contest in Vancouver, Canada.  All the 3 major browsers, IE10, Google Chrome 25 and Firefox 19.0.1, were hacked - though in different ways.

Within hours (minutes ??) Google also released a bug fix update Chrome 25.  25.0.1364.160 for Windows, Mac, and Linux and fixes a Type confusion in WebKit.

As per MWR labs blog, they demonstrated a full sandbox bypass exploit against the latest stable version of the Google Chrome 25.0.1364.152  browser on a Windows 7 laptop.

MWR demonstrated that by visiting a malicious webpage,  it was possible to exploit a vulnerability, gain code execution in the sandboxed renderer process and bypass the sandbox with system privileges.

Again, this is a history of sorts.  Google Chrome fixing a browser within 24 hours of a security exploit disclosure.  So update to Google Chrome 25.0.1364.160, to close the breach.

Way to go Google and Mozilla.  Quick work.  Impressive!


google_chrome_25_fixes_pwn2own_exploit

No comments:

Post a Comment

This blog uses the Disqus commenting system. If you try to post comments through the usual Blogger comment form, they will not appear on the Blog.