Google Chrome pwned in final Mobile Pwn2Own hack

After day 1 saw the compromise of iOS 6 and 7 through Safari and the Samsung Galaxy S4 through Samsung apps, Google Chrome on the Nexus 4 and Samsung Galaxy S4 was fully-compromised. The competition is now over. [UPDATE: The bugs are fixed.]

Google Chrome is the last product to fall in Mobile Pwn2Own 2013, sponsored by HP's Zero Day Initiative. Yesterday, on day 1 of the 2 day competition at PacSec Tokyo 2013, iOS 6 and 7 and the Samsung Galaxy S4  were hacked .

Chrome was taken down by "Pinkie Pie" (no further identification is provided). The attacks were demonstrated first on a Google Nexus 4 and then on a Samsung Galaxy S4.

[UPDATE: Google has already patched the Chrome bugs demonstrated by Pinkie Pie.]

Pinkie Pie won the full $50,000 award for using two vulnerabilities in Chrome, first an integer overflow to get remote code execution, then another unspecified vulnerability which resulted in a full sandbox escape. The vulnerabilities have been reported to Google.

These vulnerabilities would allow an attacker to take full control of the device.


You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All