Google patches Chrome bug from fizzled Pwn2Own hack

Google patches Chrome bug from fizzled Pwn2Own hack

Google yesterday updated Chrome to patch several vulnerabilities, including a bug in the browser's JavaScript engine that a Chinese team tried to exploit at a recent hacking contest.

The update to version 57.0.2987.133 contained fixes for five vulnerabilities, one marked "Critical" -- the most serious rating in Google's system -- and the others tagged "High."

Of the four vulnerabilities ranked High, one was attributed to "Team Sniper," one of five groups from Chinese company Tencent Security that participated in this year's edition of Pwn2Own, one of the world's best-known hacking contests. Pwn2Own ran March 15-17 alongside the CanSecWest conference in Vancouver, British Columbia.

Team Sniper took aim at Chrome on the first day of the challenge, hoping to grab the $80,000 prize for hacking Google's browser. But the Chinese researchers fell short. "Unfortunately, they could not get their exploit chain working within the allotted timeframe, resulting in a failure," said TippingPoint, a division of Trend Micro and Pwn2Own's sponsor, at the end of Day 1.

Google noted that the bug used by Team Sniper was an "out-of-bounds memory access [vulnerability] in V8," Chrome's JavaScript engine. As is Google's practice, it did not divulge any other information about the flaw. After several weeks, or even months -- enough time for most users to update the browser -- Google usually lifts the embargo on the bug report and its technical data.

No other individual researcher or team of hackers attempted to crack Chrome at Pwn2Own. Several successful attacks were conducted against other browsers during the contest, however, including five that compromised Microsoft's Edge, four that broke Apple's Safari and one which hijacked Mozilla's Firefox.

Mozilla patched the Firefox flaw just a day after the vulnerability was exploited at Pwn2Own.

IDG Insider


«Verizon to launch wireless Cat M1 network nationwide to juice IoT


Destiny 2 is coming to the PC, Bungie confirms»
IDG Connect

IDG Connect tackles the tech stories that matter to you

Our Case Studies

IDG Connect delivers full creative solutions to meet all your demand generatlon needs. These cover the full scope of options, from customized content and lead delivery through to fully integrated campaigns.


Our Marketing Research

Our in-house analyst and editorial team create a range of insights for the global marketing community. These look at IT buying preferences, the latest soclal media trends and other zeitgeist topics.



Should the government regulate Artificial Intelligence?