
[ars] Google Chrome exploit fetches "Pinkie Pie" $60,000 hacking prize

post #1 of 17
Thread Starter 
Quote:


A hacker who goes by "Pinkie Pie" has once again subverted the security of Google's Chrome browser, a feat that fetched him a $60,000 prize and resulted in a security update to fix underlying vulnerabilities.

Ars readers may recall Pinkie Pie from earlier this year, when he pierced Chrome's vaunted security defenses at the first installment of Pwnium, a Google-sponsored contest that offered $1 million in prizes to people who successfully hacked the browser. At the time a little-known reverse engineer of just 19 years, Pinkie Pie stitched together at least six different bug exploits to bypass an elaborate defense perimeter designed by an army of some of the best software engineers in the world.

At the second installment of Pwnium, which wrapped up on Tuesday at the Hack in the Box 2012 security conference in Kuala Lumpur, Pinkie Pie did it again. This time, his attack exploited two vulnerabilities. The first, against Scalable Vector Graphics functions in Chrome's WebKit browser engine, allowed him to compromise the renderer process, according to a synopsis provided by Google software engineer Chris Evans.

Source
post #2 of 17
I can never escape the ponies. In anything. Ever.
    
post #3 of 17
Looks like he could make a decent living out of doing this.
post #4 of 17
Quote:
Originally Posted by DayoftheGreek View Post

I can never escape the ponies. In anything. Ever.

I second that. But I think it's a good thing!!!
post #5 of 17
19 years old, probably studying (likely something programming-related?). That's some nice cash. Going to keep an eye on the build logs in the coming weeks to see if I spot some overkill MLP-themed rig ^^ . And he probably earned himself a spot at Google when he graduates, if he so chooses.

Either way, glad to see Google is applying fixes very fast and organizes "contests" like these. Glad to be a Chrome-user from pretty much day one.
I really liked the fact they pack their own version of Flash with faster security fixes.
Quote:
Originally Posted by DayoftheGreek View Post

I can never escape the ponies. In anything. Ever.

Poor you. I'm not really a brony though, I just like the series and I love monocles, top hats and pipes. I only have a pipe (2 actually) IRL.
post #6 of 17
19 years old? F_M_L
post #7 of 17
Thread Starter 
Quote:
Originally Posted by Crooksy View Post

Looks like he could make a decent living out of doing this.

Yeah, he seems to be very good at reverse engineering software code and finding bugs.
post #8 of 17
Damn...I should start sitting around trying to break browsers all day if it pays this well.

I never heard of a $60,000 prize for a vulnerability in Chrome...was this announced to the public or just certain circles? Or just something they made up on the spot?
post #9 of 17
Thread Starter 
Quote:
Originally Posted by Vagrant Storm View Post

Damn...I should start sitting around trying to break browsers all day if it pays this well.

I never heard of a $60,000 prize for a vulnerability in Chrome...was this announced to the public or just certain circles? Or just something they made up on the spot?

Re-read the third paragraph in the snippet of the OP.
post #10 of 17
Quote:
Originally Posted by Riou View Post

Re-read the third paragraph in the snippet of the OP.

Had to actually click the link...(lol work)...The Pwnium was actually released on a blog page a while back. I guess I don't typically follow Google's blog pages. There are likely thousands of them.