Chrome hacked in five minutes

[Simon]

Google's browser was hacked within only five minutes as part of annual security contest.

Pwn2Own is an annual browser hacking contest held at CanSecWest in Vancouver. This year, following a disagreement with contest organisers Tipping Point over vulnerability disclosures, Google held its own competition at the same conference, offering a total of $1 million in potential prize money.

After avoiding being successfully attacked for three years thanks largely to its sandbox, which locks down executable code to prevent damage, Chrome was hacked at both Pwn2Own and Google's Pwnium.

For the former, Vupen Security's team used a pair of zero-day flaws - one targeting Windows, the other targeting Chrome's sandbox - to hack the browser mere minutes into the start of the contest.

While the hack only took five minutes to execute, Vupen has been developing the attack against Chrome's sandbox for six weeks, Bekrar told ZDNet.

Read more: http://www.pcpro.co.uk/news/security/373426/chrome-hacked-in-five-minutes

[Steve]

Don't know which OS Chrome was on but certainly IE and Safari were on old OSs, however since they all been hacked I can use which I choose.

[Technical Ben]

Yep. With a big enough hammer, every lock looks like a nail...

Wait a sec... 

[Niall]

So basically this article is purely designed to make you read it, based on the fact it took 5 minutes to hack, which technically isn't true as it took 6 weeks to develop the method to allow the 5 minute attack. I hate journalism like this 

[gizmo71]

So basically this article is purely designed to make you read it, based on the fact it took 5 minutes to hack, which technically isn't true as it took 6 weeks to develop the method to allow the 5 minute attack. I hate journalism like this 

That part of it seems like a reasonable statement; imagine a car thief who spends six weeks developing a technique for stealing a particular type of car. Is that six weeks of interest, or would owners of that car be more interested in how many minutes it takes to steal their individual car?

[Technical Ben]

Yep. We have seen it too. Cars recalled because the key/RF lock is no good and can be hacked. I hear the likes of David Beckam lost a few that way. 

I think the reason people treat the browsers differently on security, is because the companies do. Microsoft were known to be either too naive ("no one would try to hack a browser, right?") or not putting enough effort into security ("We will allow our plugins to have full OS control").
Where as Apple, Google and Mozilla seem to think more about security and their customers than their bottom line (well, with the exception of Apple and Google, who at least think of both ).

[TheMonkey]

So basically this article is purely designed to make you read it, based on the fact it took 5 minutes to hack, which technically isn't true as it took 6 weeks to develop the method to allow the 5 minute attack. I hate journalism like this 

I agree. The last event Safari was hacked which again, had been worked on for a few weeks by the hacker and also patched by Apple but the event was able to use the unpatched version.

Pointless really.