A group of hackers from France showed his skill to break into the security system of Google's browser, Chrome. This is the first security bobolnya Chrome, which is shown open to the public.In
a Pwn2Own competition in Canada, this group of hackers demonstrated
skill to penetrate the security system in the Google Chrome browser. Then, the hackers take over a Windows PC in less than five minutes.These results differ from last year's Pwn2Own competition. At that time, Chrome remained impregnable until the competition ends.This time, capable of mengendalkan broswser is Vupen, a French security company. Vupen
is a company full of controversy, because it often sells a software
flaws they find, for sale to agents of a government spy."We want to show that Chrome is not solved," said Chaoki Bekrar, head of corporate research is to ZDNet."Last
year, we saw a lot of headlines that say no one can control the Chrome.
We want to make sure Chrome on the drawbacks of this year," he said.Vupen used two previously unknown vulnerabilities to break the security of Chrome, which looks more robust than Firefox and Internet Explorer. This is because the browser was using "sandboxing".Meanwhile, Chrome, the second most popular browser in the world today, is effectively able to carry out the isolation to the rest of the operating system. Even if the software is hacked, the hacker can not fully control a computer.Large technology companies including Google, Microsoft and Facebook are not hostile to the hackers. They are now even working with the hackers and offered a reward for the discovery, especially if there are gaps in their security systems.Bekrar said his team was working six weeks before the competition to find a Chrome vulnerability. They also found ways to hack Firefox and Internet Explorer, but they do not want to show that Chrome can not be hacked."It's not easy to create a test to stop the exploitation of all the protection in the sandbox," he said. "I can say that Chrome is one of the safest browser," he said.Vupen said it would specify the details of how to stop the Google sandbox privacy technology to its users.Separately, Sergey Glazunov, Russian students also paved Chrome and claim the prize of U.S. $ 60,000. "It was an impressive exploitation," said Justin Schuh, of the Google Chrome team. "It required a deep understanding of how Chrome works. It's very difficult and that is why we pay U.S. $ 60,000," he said.Google Chrome is now the security update to patch the vulnerability.
We want to make sure Chrome on the drawbacks of this year," he said.Vupen used two previously unknown vulnerabilities to break the security of Chrome, which looks more robust than Firefox and Internet Explorer. This is because the browser was using "sandboxing".Meanwhile, Chrome, the second most popular browser in the world today, is effectively able to carry out the isolation to the rest of the operating system. Even if the software is hacked, the hacker can not fully control a computer.Large technology companies including Google, Microsoft and Facebook are not hostile to the hackers. They are now even working with the hackers and offered a reward for the discovery, especially if there are gaps in their security systems.Bekrar said his team was working six weeks before the competition to find a Chrome vulnerability. They also found ways to hack Firefox and Internet Explorer, but they do not want to show that Chrome can not be hacked."It's not easy to create a test to stop the exploitation of all the protection in the sandbox," he said. "I can say that Chrome is one of the safest browser," he said.Vupen said it would specify the details of how to stop the Google sandbox privacy technology to its users.Separately, Sergey Glazunov, Russian students also paved Chrome and claim the prize of U.S. $ 60,000. "It was an impressive exploitation," said Justin Schuh, of the Google Chrome team. "It required a deep understanding of how Chrome works. It's very difficult and that is why we pay U.S. $ 60,000," he said.Google Chrome is now the security update to patch the vulnerability.
No comments:
Post a Comment