The highlight of Pwnium, Google’s hacking competition this year, was a Russian university student who compromised a fully patched 64-bit Windows 7 machine using a remote code execution exploit in Google’s Chrome web browser.
Sergey Glazunov is a long-time Chromium contributor. His attack included a Chrome sandbox bypass. He earned a $60,000 payday for the exploit, which targeted two distinct zero-day vulnerabilities in the Chrome extension subsystem.
Sundar Pichai, a Google employee, said:
Congrats to long-time Chromium contributor Sergey Glazunov who just submitted our first Pwnium entry. Looks like it qualifies as a “Full Chrome” exploit, qualifying for a $60k reward. We’re working fast on a fix that we’ll push via auto-update. This is exciting; we launched Pwnium this year to encourage the security community to submit exploits for us to help make the web safer. We look forward to any additional submissions to make Chrome even stronger for our users.
Google is already working on a fix for the exploit, and the update will be out soon.