Teenager hacks Google Chrome with three 0day vulnerabilities

"Pinkie Pie," who asked to remain anonymous because he had not been authorized by his employer to participate in the contest, said he chained three different vulnerabilities to build an exploit to escape the Chrome sandbox.

A teenage hacker who goes by the "Pinkie Pie" handle has hacked into Google Chrome using three distinct zero-day vulnerabilities to evade the browser's protective sandbox.

The exploit was used as part of Google's Pwnium hacker contest and earned the researcher the maximum $60,000 cash prize.

follow Ryan Naraine on twitter

"Pinkie Pie," who asked to remain anonymous because he had not been authorized by his employer to participate in the contest, said he chained three different vulnerabilities to build an exploit to escape the Chrome sandbox.

A Google spokesman on site confirmed the winning exploit. He said the company's security response process would kick in immediately to push out a patch.

"We have a team standing by waiting for this.  We have three different teams working on putting together the fix, building a patch and releasing it for our customers," he said.

[ SEE: How Google set a trap for Pwn2Own exploit team ]

While "Pinkie Pie" was previously unknown to onlookers here, Googlers described him as a "known and respected security researcher."

In an interview after successfully launching the drive-by download exploit, Pinkie Pie said he worked for about one-and-a-half weeks to find the vulnerabilities and write a reliable exploit.

The exploit worked on a fully patched Windows 7 machine (64-bit) and did not require any user action beyond normal web browsing.

Pinkie Pie has never submitted a vulnerability report to Google and created this multi-stage attack specially for the Pwnium contest.

He said he never considered selling the vulnerability to third-party brokers.  "I've never sold a vulnerability before."

Strangely, which sandbox escapes are rare, Pinkie Pie said the easiest part of his attack was jumping out of the Chrome sandbox after the initial exploit.

"I got lucky because I found a way [to jump out of the sandbox] very early.  I figured it out by looking at it carefully," he added.

He declined to discuss specifics of the vulnerabilities or the exploit techniques, deferring comments to Google representatives.

ALSO SEE:

  • Pwn2Own 2012: Google Chrome browser sandbox first to fall
  • CanSecWest Pwnium: Google Chrome hacked with sandbox bypass
  • Charlie Miller skipping Pwn2Own as new rules change hacking game
  • CanSecWest Pwn2Own hacker challenge gets a $105,000 makeover

    Newsletters

    You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
    Subscription failed.
    See All