At a Vancouver information technology conference this week, Google's Chrome web browser took some lumps and bruises. During this year's CanSecWest Vancouver, Pwn2Own competitors attempted to expose security flaws in Google Chrome as part of a hacking competition turned annual tradition—and they did.
Hackers exploited previously unknown security flaws for the first time in a Pwn2Own competition. Vupen Security performed the deed within five minutes of the contest starting.
During the contest, which is in its fifth year, the team at Vupen created a webpage that could be visited on a fully up-to-date Windows operating system running a fully up-to-date Chrome browser—and effectively bypass all security protections to execute a command on the user's computer. While the competition is all in good fun, not all hackers are exactly altruistic, so users should never overestimate their computer's security, as this contest clearly demonstrates.
And in a Google-sponsored "Pwnium" contest, not associated with CanSecWest, Sergey Glazunov also performed a full Chrome exploit—and pocketed a cool $60,000 from Google for it too. Google called the exploits "exciting," as they are evidence of the skill of hackers—but also allow the company to beef up Chrome security afterward.