Google has always been good about offering money to those who find vulnerabilities in their systems, and this particular case is no different. MWR Labs has won a $100,000 prize for finding a way to get into Windows from Chrome.
The Pwn2Own competition takes place every year in Vancouver. This year, MWR took a fully patched version of Google, hacked it, and then took control of Windows 7 using just the browser. MWR Labs showed people at the competition that if a Chrome user visits a malicious Web page, the page’s creator can exploit the vulnerability they pointed out to gain access to Windows 7 with little more than a keyboard and a kernel vulnerability.
The researchers said this exploit happened without changing any of the default settings in either Chrome or on Windows 7. “Google Chrome is one of the most widely used Web browsers globally, and was perceived to be the hardest target in the competition,” said the very excited researchers. “The reason Chrome was chosen as the target for the demonstration is to encourage understanding, as a security breach of this nature could expose millions of users to serious risk.”
MWR labs refused to discuss the code they exploited to get around Chrome’s security measures, but they did share it with both Microsoft and Google so both can provide patches to fix the security problem within the next few weeks.