Overclock.net › Forums › Industry News › Software News › [FB] 19 Chrome Bugs Fixed in Preparation for Pwn2Own Hacking Contest
New Posts  All Forums:Forum Nav:

[FB] 19 Chrome Bugs Fixed in Preparation for Pwn2Own Hacking Contest

post #1 of 12
Thread Starter 
Quote:
Nine researchers were paid a total of $14,000 in bug bounties for bringing the Chrome bugs to Google’s attention. The company then promptly patched them last Monday.

Pwn2Own, an annual hacking contest that takes place at the CanSecWest security conference in Vancouver, British Columbia, was most likely the trigger for the updates, for Google fixed security flaws a week before last year’s Pwn2Own contest as well.
Read.

I am excited to see if Chrome will hold on this year.
Battle Station
(13 items)
 
  
CPUMotherboardGraphicsRAM
Dual Xeon E5520 Quad Core @ 2.27GHz ASUS Z8NA-D6 Aspeed AST2050 6 GB DDR3 
Hard Drive
2 x 500 GB 
  hide details  
Reply
Battle Station
(13 items)
 
  
CPUMotherboardGraphicsRAM
Dual Xeon E5520 Quad Core @ 2.27GHz ASUS Z8NA-D6 Aspeed AST2050 6 GB DDR3 
Hard Drive
2 x 500 GB 
  hide details  
Reply
post #2 of 12
Isn't that kind of cheating the system?
post #3 of 12
Quote:
Originally Posted by CorkyFan View Post
Isn't that kind of cheating the system?
Isn't hacking cheating the system? (Generally)

I think it's just more of a challenge
XBMC HTPC
(10 items)
 
Echo One
(17 items)
 
 
CPUMotherboardGraphicsRAM
Phenom II X4 925 MSI 890FXA-GD70 EVGA GT 610 2GB CORSAIR Vengeance 16GB DDR3 1600 
Hard DriveCoolingOSKeyboard
Western Digital Caviar Black 1TB WD1002FAEX  Xigmatek Gaia XBMCBuntu 11.04 Generic Dell crap 
PowerCase
Coolmax 700W Apevia X-Jupiter-Jr Midtower 
CPUMotherboardGraphicsRAM
Intel 4670K MSI Z87 AC ITX MSI GTX 760 ITX G.SKILL Sniper Series 2x8GB 
Hard DriveHard DriveCoolingOS
Samsung 850 Evo Western Digital Caviar Black Stock Intel Heatsink Windows 10 Home 
MonitorMonitorMonitorKeyboard
LG 25UM57 LG IPS226V-PN LG IPS226V-PN Logitech G910 Orion Spark 
CaseMouseMouse PadAudio
EVGA Hadron Hydro Logitech G502 Proteus Core SteelSeries QCK+  Corsair SP2500 
Audio
Corsair Vengeance 2000  
  hide details  
Reply
XBMC HTPC
(10 items)
 
Echo One
(17 items)
 
 
CPUMotherboardGraphicsRAM
Phenom II X4 925 MSI 890FXA-GD70 EVGA GT 610 2GB CORSAIR Vengeance 16GB DDR3 1600 
Hard DriveCoolingOSKeyboard
Western Digital Caviar Black 1TB WD1002FAEX  Xigmatek Gaia XBMCBuntu 11.04 Generic Dell crap 
PowerCase
Coolmax 700W Apevia X-Jupiter-Jr Midtower 
CPUMotherboardGraphicsRAM
Intel 4670K MSI Z87 AC ITX MSI GTX 760 ITX G.SKILL Sniper Series 2x8GB 
Hard DriveHard DriveCoolingOS
Samsung 850 Evo Western Digital Caviar Black Stock Intel Heatsink Windows 10 Home 
MonitorMonitorMonitorKeyboard
LG 25UM57 LG IPS226V-PN LG IPS226V-PN Logitech G910 Orion Spark 
CaseMouseMouse PadAudio
EVGA Hadron Hydro Logitech G502 Proteus Core SteelSeries QCK+  Corsair SP2500 
Audio
Corsair Vengeance 2000  
  hide details  
Reply
post #4 of 12
Quote:
Originally Posted by darthjoe229 View Post
Isn't hacking cheating the system? (Generally)

I think it's just more of a challenge
Well the way this contest works is, people spend up to a year finding an exploit (or more), and then they keep it a secret until this contest, and then hack the browser in those 3 days to win $10,000. Since this is often used by people in arguing which browser is "better" and more "secure", Google is offering more money ($14,000) for people to give up their secret exploits a week before the contest. So generally speaking, it's unlikely Google's browser gets hacked this year, not because it's secure, but because Google by-passed the event with their money...

This is the equivelent to paying off judges to vote your browser best in a contest. The judges in this case are the hackers.
post #5 of 12
Quote:
Originally Posted by CorkyFan View Post
Well the way this contest works is, people spend up to a year finding an exploit (or more), and then they keep it a secret until this contest, and then hack the browser in those 3 days to win $10,000. Since this is often used by people in arguing which browser is "better" and more "secure", Google is offering more money ($14,000) for people to give up their secret exploits a week before the contest. So generally speaking, it's unlikely Google's browser gets hacked this year, not because it's secure, but because Google by-passed the event with their money...

This is the equivelent to paying off judges to vote your browser best in a contest. The judges in this case are the hackers.
Errr...? $14,000 was paid to nine people, in total. If this contest awards people 10k...don't know how this would be Google offering more money since not one person received the 14,000. Whether seen as a loophole or not it is nice to see Google caring about their browser being more secure than the rest, you dont see Mozilla shelling out money for holes.
Dayz'd(0)
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 d0 (Batch:391A238) 3.8@1.19 vcore ASUS P6T DELUXE V2 Sapphire&Gigabyte 6950's Xfire (unlocked) OCZ Gold 6GB (3 x 2GB) DDR3 1600 8-8-8-24 
Hard DriveOptical DriveOSMonitor
Corsair C300 64GB Western Digital 1TB LG 22X DVD±R DVD Burner Windows 7 x64 Eyefinity - (3) 22" Acer Widescreen & 40" Sony ... 
PowerCase
CORSAIR 750TX Antec Nine Hundred 
  hide details  
Reply
Dayz'd(0)
(13 items)
 
  
CPUMotherboardGraphicsRAM
i7 920 d0 (Batch:391A238) 3.8@1.19 vcore ASUS P6T DELUXE V2 Sapphire&Gigabyte 6950's Xfire (unlocked) OCZ Gold 6GB (3 x 2GB) DDR3 1600 8-8-8-24 
Hard DriveOptical DriveOSMonitor
Corsair C300 64GB Western Digital 1TB LG 22X DVD±R DVD Burner Windows 7 x64 Eyefinity - (3) 22" Acer Widescreen & 40" Sony ... 
PowerCase
CORSAIR 750TX Antec Nine Hundred 
  hide details  
Reply
post #6 of 12
Quote:
Originally Posted by DayzaStarr View Post
Errr...? $14,000 was paid to nine people, in total. If this contest awards people 10k...don't know how this would be Google offering more money since not one person received the 14,000. Whether seen as a loophole or not it is nice to see Google caring about their browser being more secure than the rest, you dont see Mozilla shelling out money for holes.
http://www.conceivablytech.com/5914/...security-fixes

It was $14,000 per person, to 9 people, for a total of $126,000. The OP article is confusing or understood it wrong.

Quote:
Whether seen as a loophole or not it is nice to see Google caring about their browser being more secure than the rest.
They don't care about security because they waited to patch the browser. They could have saved $126,000 if they just waited an extra week and gotten the exploits for free. Instead they cheated.
post #7 of 12
If they waited, then Chrome would be one of the most secured browser in the world.
post #8 of 12
Oh, so fixing the bugs because your users might be inconvenienced isn't why you fix bugs? You do it because you want some e-peen at a contest?

-9001 points, Google. Bugfixes shouldn't be released just because there's a hacking contest coming up. They should be released as soon as the bugs are detected and fixed.
Boot to the Head!
(13 items)
 
  
CPUMotherboardGraphicsRAM
Athlon64 X2 4200+ @ stock Epox 9NPA+SLI XFX 8800GS 384 4x1GB G.Skill DDR400 @ stock 
Hard DriveOptical DriveOSMonitor
120GB WD + 1TB WD GP + 320GB WD AAJS Mystery DVD-RW Vista Ultimate x64! ViewSonic P220F CRT + KDS 15" CRT 
KeyboardPowerCaseMouse
$3 Compaq keyboard with pretty aluminum finish ThermalTake PurePower 500W Rosewill R230-P-BK Wired Optical 
Mouse Pad
Table. Mouse pads are overrated 
  hide details  
Reply
Boot to the Head!
(13 items)
 
  
CPUMotherboardGraphicsRAM
Athlon64 X2 4200+ @ stock Epox 9NPA+SLI XFX 8800GS 384 4x1GB G.Skill DDR400 @ stock 
Hard DriveOptical DriveOSMonitor
120GB WD + 1TB WD GP + 320GB WD AAJS Mystery DVD-RW Vista Ultimate x64! ViewSonic P220F CRT + KDS 15" CRT 
KeyboardPowerCaseMouse
$3 Compaq keyboard with pretty aluminum finish ThermalTake PurePower 500W Rosewill R230-P-BK Wired Optical 
Mouse Pad
Table. Mouse pads are overrated 
  hide details  
Reply
post #9 of 12
Quote:
Originally Posted by CorkyFan View Post
http://www.conceivablytech.com/5914/...security-fixes

It was $14,000 per person, to 9 people, for a total of $126,000. The OP article is confusing or understood it wrong.



They don't care about security because they waited to patch the browser. They could have saved $126,000 if they just waited an extra week and gotten the exploits for free. Instead they cheated.
Wrong...

It was $14,000 TOTAL

Full of Class
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7 4770k @ 4.8Ghz (delidded) ASUS Sabertooth Z87 EVGA GTX 780 Ti Classified 16GB Corsair Dominator Platinum 
Hard DriveHard DriveOptical DriveCooling
500GB Samsung EVO SSD Western Digital 2TB Caviar Black 7200rpm Samsung DVD RW Corsair H100i 
OSMonitorKeyboardPower
Windows 8 64-bit Dell UltraSharp U2713H 27" 1440p Ducky shine  Corsair AX860i 
CaseMouse
Corsair obsidian 650D Razer Mamba 
  hide details  
Reply
Full of Class
(15 items)
 
  
CPUMotherboardGraphicsRAM
i7 4770k @ 4.8Ghz (delidded) ASUS Sabertooth Z87 EVGA GTX 780 Ti Classified 16GB Corsair Dominator Platinum 
Hard DriveHard DriveOptical DriveCooling
500GB Samsung EVO SSD Western Digital 2TB Caviar Black 7200rpm Samsung DVD RW Corsair H100i 
OSMonitorKeyboardPower
Windows 8 64-bit Dell UltraSharp U2713H 27" 1440p Ducky shine  Corsair AX860i 
CaseMouse
Corsair obsidian 650D Razer Mamba 
  hide details  
Reply
post #10 of 12
lol @ how many their own team found
My beloved system
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 @ 3.4 (1.4V) GA-P35-DS3 MSI Twin Frozr II/OC GTX560 Ti 2GB OCZ DDR2 800Mhz 
Hard DriveOptical DriveOSMonitor
80GB raptor + 160GB SG + 500GB SG DL Super Writemaster Vista Home 32bit 226BW SyncMaster Samsung 22" 
KeyboardPowerCaseMouse
Logitech 650W Be Quiet! Antec P180 G5 Laser Mouse v2 
  hide details  
Reply
My beloved system
(13 items)
 
  
CPUMotherboardGraphicsRAM
Q6600 @ 3.4 (1.4V) GA-P35-DS3 MSI Twin Frozr II/OC GTX560 Ti 2GB OCZ DDR2 800Mhz 
Hard DriveOptical DriveOSMonitor
80GB raptor + 160GB SG + 500GB SG DL Super Writemaster Vista Home 32bit 226BW SyncMaster Samsung 22" 
KeyboardPowerCaseMouse
Logitech 650W Be Quiet! Antec P180 G5 Laser Mouse v2 
  hide details  
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: Software News
Overclock.net › Forums › Industry News › Software News › [FB] 19 Chrome Bugs Fixed in Preparation for Pwn2Own Hacking Contest