Teenager hacks Google Chrome with three 0day vulnerabilities

Summary: "Pinkie Pie," who asked to remain anonymous because he had not been authorized by his employer to participate in the contest, said he chained three different vulnerabilities to build an exploit to escape the Chrome sandbox.

A teenage hacker who goes by the "Pinkie Pie" handle has hacked into Google Chrome using three distinct zero-day vulnerabilities to evade the browser's protective sandbox.

The exploit was used as part of Google's Pwnium hacker contest and earned the researcher the maximum $60,000 cash prize.


"Pinkie Pie," who asked to remain anonymous because he had not been authorized by his employer to participate in the contest, said he chained three different vulnerabilities to build an exploit to escape the Chrome sandbox.

A Google spokesman on site confirmed the winning exploit. He said the company's security response process would kick in immediately to push out a patch.

"We have a team standing by waiting for this. We have three different teams working on putting together the fix, building a patch and releasing it for our customers," he said.


While "Pinkie Pie" was previously unknown to onlookers here, Googlers described him as a "known and respected security researcher."

In an interview after successfully launching the drive-by download exploit, Pinkie Pie said he worked for about one-and-a-half weeks to find the vulnerabilities and write a reliable exploit.

The exploit worked on a fully patched Windows 7 machine (64-bit) and did not require any user action beyond normal web browsing.

Pinkie Pie has never submitted a vulnerability report to Google and created this multi-stage attack specially for the Pwnium contest.

He said he never considered selling the vulnerability to third-party brokers. "I've never sold a vulnerability before."

Strangely, given that sandbox escapes are rare, Pinkie Pie said the easiest part of his attack was jumping out of the Chrome sandbox after the initial exploit.

"I got lucky because I found a way [to jump out of the sandbox] very early. I figured it out by looking at it carefully," he added.

He declined to discuss specifics of the vulnerabilities or the exploit techniques, deferring comments to Google representatives.


About the author

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...
