Google Patches Bug Exploited By Security Researchers In Pwn2own Contest

By Author: eccuni
Total Articles: 211
Comment this article

Recently, Google patched a security flaw in Chrome browser exploited by security researchers in the Pwn2Own Contest. Security professionals at Google were prompt in releasing the security update for the WebKit flaw, which was exploited by Vincenzo Iozzo, Ralf Philipp Weinmann and Willem Pinckaers. The trio of researchers received a bounty of $15,000 for breaching the security of Blackberry Torch 9800 smartphone by exploiting WebKit flaw. Google also awarded a prize of $1,337 to the team of security researchers under the company’s vulnerability reward program. While Weinmann is a post-doctoral researcher from Luxembourg, lozzo works as an engineer in Germany and Pinckaers is a security consultant from the Netherlands.

Attackers may exploit the vulnerability resulted by an error in style handling to cause memory corruption. WebKit is the rendering engine used by Chrome browser. The company has rated the patched vulnerability as high in severity. Google rates vulnerabilities as critical, high, medium and low in terms of severity. High rating is given to a flaw that allows attackers to read confidential data or execute ...
... arbitrary code or interfere with browser security features, and those which arise during the implementation of sandbox.

The company has updated the stable and beta channels of the Chrome browser to 10.0.648.133 for Windows, Mac, Linux and Chrome by mitigating the WebKit security flaw. The company does not reveal additional information regarding security flaws for a long period to enable users to update the patch. Attackers try to take advantage of the lack of security awareness among people to exploit vulnerabilities. Online IT courses and video tutorials may be used to create cyber security awareness among users.

Attackers are quick to identify and exploit vulnerabilities. The vulnerability reward programs by software developers are aimed at encouraging researchers to detect flaws before their exploitation by malicious individuals. Growing threats in the online environment have resulted in increased demand for professionals qualified in IT degree programs and security certifications.

Except for the identified security flaw, Google Chrome remained unbreached at the Pwn2Own contest. Firefox, the other popular web browser also survived the contest and was not intruded by security researchers. Security professionals are required to constantly update their skills to deal with vibrant security threats. Online IT degree, e-learning programs, webinars and seminars may help security professionals in enhancing their technical know-how and improving skill sets.