Google’s Chrome Escapes Hack Contest Untouched
I will file this under “I didn’t know that although I am not even close to surprised” for obvious reasons. Google gets to make a claim about its Chrome browser that others like Firefox and Microsoft’s Internet Explorer 8 and Apple’s Safari can’t. That claim is that it survived the Pwn2Own 2010. Forbes tells us a little more
The Pwn2Own competition in Vancouver is a yearly demonstration of the software industry’s utter inability to keep its products safe from determined hackers. This year, researchers cracked Firefox, Internet Explorer 8, and Safari in minutes, winning $10,000 each, bragging rights and the hardware those applications were running on.
But more notable is the one survivor of the competition’s browser category: Google’s Chrome.
For the second year in a row, Chrome has left the Pwn2Own competition unscathed even as all of its competitors have been compromised.
In a world where security and privacy are more desired but maybe less available than ever this kind of competition is interesting. We all know there are folks out there who are interested in compromising Internet systems for monetary gain and many other times just for sport. We as end users know it exists and cross our fingers hoping it doesn’t happen to us.
While Google can talk about its victory here there is some skepticism among the researchers who participate in this competition as to just how secure Chrome really is. Apple hacker Charlie Miller was able to win for the third year in a row with his efforts to compromise the Safari browser. He also wonders about Google supposed invulnerability.
Miller argues in an email to us that Google isn’t necessarily more secure than its competitors–just that hackers hack the applications they use themselves. “Researchers tend to just pick on their favorite browser,” he writes.
This is the second year in a row that the Chrome browser was unscathed but there is plenty of speculation that this will not last. Why? As something gets a reputation of being impenetrable it gets the blood of any good researcher / hacker or whatever boiling. Also, there is $10,000 on the line each year at this competition. Which pays better than Google apparently because they have $1,337 limit on payment for security bugs.
So what is Google take on this? Of course, they have a better mousetrap
Google, for its part, would argue that Chrome simply has better security features, namely “sandboxing,” which drastically limits the privileges of a Web site to access your computer’s hardware. Google bought at least part of that sandboxing ability with its acquisition of software firm GreenBorders in May of 2007. Check out its comic book illustration of how sandboxing works.
Now that Google has put a bullseye on Chrome we’ll see just how long this streak will last.