Google Chrome hacked in Pwn2Own competition


(CBS News) They say ask and you shall receive. Well, that's exactly what happened to Google Wednesday when hackers went to work at taking down popular web browser Google Chrome at this year's applied securities conference CanSecWest 2012.

Google offers $1 million prize to hack Chrome

A contest called Pwn2Own challenges hackers to compromise web browser security so that software developers can address potential breaches. Last month, Google offered up $1 million in prizes to hackers at CanSecWest 2012, which is being held in Vancouver March 7-9.

Google withdrew sponsorship of Pwn2Own last week, PC World reported. However, the search engine giant offered a separate reward to the Pwn2Own contest called Pwnium.

According to previous reports from Ars Technica, "Chrome is currently the only browser eligible for Pwn2Own never to be brought down." That's not the case this year. A group of French hackers were able to take down Chrome in the first five-minutes of the competition.

"VUPEN, the controversial company that sells vulnerabilities and exploits to government customers, deliberately took aim at Chrome this year to send a simple message: no software is unbreakable if hackers have enough motivation to prepare and launch an attack," ZDNET reported.

"Google Chrome is the first browser to fall at#pwn2own 2012, we pwned it using an exploit bypassing DEP/ASLR and the sandbox ! We won 32 pts," @VUPEN tweeted.

The prizes at stake were doled out in three amounts: $20,000, $40,000 and $60,000. In order the claim the Pwnium prize, contestants had to reveal all vulnerabilities and hacking techniques used.

Although, Chrome was the first to be taken down, the hackers admitted that it was a directed effort. And, admitted that Google's web browser is the most secure.

"The Chrome sandbox is the most secure sandbox out there. It's not an easy task to create a full exploit to bypass all the protections in the sandbox. I can say that Chrome is one of the most secure browsers available," said Chaouki Bekrar, VUPEN co-founder and head of research.

Pwn2Own targeted four web browsers: Microsoft Internet Explorer, Apple Safari, Google Chrome and Mozilla Firefox. All computers must be running on the latest, updated version of Windows 7 or Mac OS X Lion.