Google rushes out Chrome patch for Pwnium zero-day flaws

Summary:According to a Google advisory, the zero-day flaws related to universal cross-site scripting (UXSS) and bad history navigation.

VANCOUVER -- The Google Chrome security team wasted no time fixing the gaping security holes exploited by a Russian university student as part of this year's inaugural Pwnium hacker challenge.

Less than 24 hours after Sergey Glazunov hacked into a fully patched Windows 7 machine with a pair of Chrome zero-day flaws, Google rushed out a patch for Windows, Mac OS X, Linux and Chrome Frame users.

Technical details of the vulnerabilities are being kept under wraps until the patch is pushed out via the browser's silent/automatic update mechanism.

follow Ryan Naraine on twitter

According to Google's advisory, the flaws related to universal cross-site scripting (UXSS) and bad history navigation.

  • [Ch-ch-ch-ch-ching!!! $60,000] [117226] [117230] Critical CVE-2011-3046: UXSS and bad history navigation. Credit to Sergey Glazunov.

Glazunov's exploit also bypassed the Chrome sandbox to execute code with full permissions of the logged on user.

The Google browser was also popped by a hacking team from VUPEN and there's speculation that a vulnerability in the Flash Player plugin was exploited in that attack.  VUPEN co-founder Chaouki Bekrar told me that the flaw existed in the default installation of Chrome but he declined to say if the faulty code was created by Google or a third-party vendor.

The Flash Player plugin in Chrome runs in a weaker sandbox than the full browser and has always been a tempting target for attackers.

Google is working on putting Flash within the more robust plugin and I'd told this will happen before the end of this year.

ALSO SEE:

  • Pwn2Own 2012: Google Chrome browser sandbox first to fall
  • CanSecWest Pwnium: Google Chrome hacked with sandbox bypass
  • Charlie Miller skipping Pwn2Own as new rules change hacking game
  • CanSecWest Pwn2Own hacker challenge gets a $105,000 makeover
  • Topics: Security, Apps, Browser, CXO, Google

    About

    Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

    zdnet_core.socialButton.googleLabel Contact Disclosure

    Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

    Related Stories

    The best of ZDNet, delivered

    You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
    Subscription failed.