The Null Device

Last browser standing

Recently, the annual Pwn2Own contest took place; in it, participants try to take over a computer by exploiting security holes in a web browser, and capture the flag (in this case, a file on the computer's hard drive). This year, all the browsers but one fell; Firefox 3.6.2 (though it's not clear whether NoScript would have mitigated this), IE8 and Safari all fell; one of the hackers even pwned an (un-jailbroken) iPhone and made off with the SMS database. The one browser that remained standing: Google Chrome, not because it's bug-free, but because the sandbox mechanism makes exploiting bugs impractical:
"There are bugs in Chrome but they're very hard to exploit. I have a Chrome vulnerability right now but I don't know how to exploit it. It's really hard. They've got that sandbox model that's hard to get out of. With Chrome, it's a combination of things - you can't execute on the heap, the OS protections in Windows and the Sandbox."

There are no comments yet on "Last browser standing"

Want to say something? Do so here.

Post pseudonymously

Display name:
To prove that you are not a bot, please enter the text in the image into the field below it.

Your Comment:

Please keep comments on topic and to the point. Inappropriate comments may be deleted.

Note that markup is stripped from comments; URLs will be automatically converted into links.