Friday 12 October 2012

Pinkie Pie Wins $60K In Pwnium2

The teenage hacker who goes by the handle "Pinkie Pie" once again successfully exploited the google chrome browser in the Pwnium 2 event held in HITB2012 conference in Kuala Luampur. With the goal to reward the exceptional vulnerability researchers, Google Chromium team had started Pwnium earlier this year and this is the second installment of Pwnium.

Google software engineer Chris Evans writes in a blog post:

" We’re happy to confirm that we received a valid exploit from returning pwner, Pinkie Pie. This pwn relies on a WebKit Scalable Vector Graphics (SVG) compromise to exploit the renderer process and a second bug in the IPC layer to escape the Chrome sandbox. Since this exploit depends entirely on bugs within Chrome to achieve code execution, it qualifies for our highest award level as a “full Chrome exploit,” a $60,000 prize and free Chromebook. "

Chromium team has already released the patched and updated google chrome in less than 10 hours after the exploit was confirmed. The Stable channel has been updated to 22.0.1229.94 for Windows, Mac, and Linux which contains the fix for the security exploit discovered by Pinkie Pie