Feeds

Google blats bugs in Chrome - days before $560k hacking contest

Ads giant stumps up cash, then raises the bar

Top 5 reasons to deploy VMware with Tegile

Pwn2Own 2013 Google patched 10 security vulnerabilities in its web browser Chrome on Monday - two days before the start of Pwn2Own, the annual hacking contest in which experts race to compromise software to win prizes.

The latest update fixes flaws in Chrome's Windows and Linux builds. Six of the 10 holes addressed are rated as "high" risk, the second highest severity rating.

The updates bolster the defences of Chrome ahead of Pwn2Own, which tees off on Wednesday at the CanSecWest security conference in Vancouver, Canada.

Boosting the browser's fortifications obviously benefits the web giant two-fold: if its product remains intact, it gets bragging rights over its rivals, who will also be targeted in the contest. And Google contributed to the competition's $560,000 prize fund, but presumably can claw back unclaimed cash.

Microsoft battled to secure all versions of its Internet Explorer browser, including versions 9 and 10, by issuing two updates in February that collectively squashed 14 security bugs. A cumulative IE update is a regular feature of the Windows giant's monthly Patch Tuesday, but pushing out two is highly unusual. It's suspected that Redmond's security gnomes may have been thinking ahead to Pwn2Own.

Meanwhile, Mozilla updated Firefox on 19 February, fixing eight security bugs in the process, again possibly with one eye towards Pwn2Own.

Pwn2Own 2013 expands the focus of the hackathon beyond phones and web browser vulnerabilities to include hacks that exploit vulnerabilities in Adobe Reader, Adobe Flash and Oracle Java. Prizes will be awarded according to a sliding scale of perceived difficulties. Successful hacks against Google Chrome on Windows 7 will earn $100,000, while pwning IE 9 on Windows 7 is worth $75,000 and Apple Safari on OS X Mountain Lion will earn up to $65,000.

By contrast, exploiting Oracle Java web browser plugins in Internet Explorer 9 on Windows 7 earns a maximum of $20,000, five times less than the maximum prize for hacking IE 10 on Windows 8 ($100,000). Tellingly, Java exploits also earn less than a third of the $70,000 prize for exploiting either Adobe Reader or Flash plugins for IE 9 on Windows 7, each of which earns $70,000. In total, $560,000 is up for grabs, a record prize fund.

Upon successful demonstration of an attack, the contestant will be required to provide HP's Zero Day Initiative (ZDI) a fully functioning exploit and all the details of the discovered vulnerability. HP's ZDI and Google are the main sponsors of this year's competition. Successful security researchers also gain possession of the kit they've hacked into as part of their prize, hence the Pwn2Own title of the competition. Past winners of the competition include Charlie Miller, serial exploiter of Apple bugs.

Unlike previous editions of the event, a prize for hacking into smartphones will not be a feature of this year's competition.

The third annual Google-organised Pwnium competition, also taking place at CanSecWest, offers a prize fund of $3,141,590 to researchers who can successfully crack the advertising giant's Chrome OS. Details of this parallel competition can be found in a blog post here. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.