Google Chrome pwned in final Mobile Pwn2Own hack

Summary:After day 1 saw the compromise of iOS 6 and 7 through Safari and the Samsung Galaxy S4 through Samsung apps, Google Chrome on the Nexus 4 and Samsung Galaxy S4 was fully-compromised. The competition is now over. [UPDATE: The bugs are fixed.]

Google Chrome is the last product to fall in Mobile Pwn2Own 2013, sponsored by HP's Zero Day Initiative. Yesterday, on day 1 of the 2 day competition at PacSec Tokyo 2013, iOS 6 and 7 and the Samsung Galaxy S4  were hacked .

Chrome was taken down by "Pinkie Pie" (no further identification is provided). The attacks were demonstrated first on a Google Nexus 4 and then on a Samsung Galaxy S4.

[UPDATE: Google has already patched the Chrome bugs demonstrated by Pinkie Pie.]

Pinkie Pie won the full $50,000 award for using two vulnerabilities in Chrome, first an integer overflow to get remote code execution, then another unspecified vulnerability which resulted in a full sandbox escape. The vulnerabilities have been reported to Google.

These vulnerabilities would allow an attacker to take full control of the device.

Topics: Security


Larry Seltzer has long been a recognized expert in technology, with a focus on mobile technology and security in recent years. He was most recently Editorial Director of BYTE, Dark Reading and Network Computing at UBM Tech. Prior to that he spent over a decade consulting and writing on technology subjects, primarily in the area of sec... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.