While the Linux-based operating system wasn't really cracked at Pwnium, Google has decided to award a hacker $40,000 for finding an unreliable Chrome OS exploit.
Earlier this month at the CanSecWest security conference, the Chrome team took part in another Pwn2Own and hosted our third-edition Pwnium competition. This year’s participants once again impressed us with their talent and security prowess. We’re excited about what lessons we can learn from their work to make Chrome and Chrome OS even more secure.
At Pwnium, we didn’t receive any winning entries, but did reserve the right to issue “partial” rewards. We’re pleased to reward $40,000 to Pinkie Pie, who submitted a plausible bug chain involving video parsing, a Linux kernel bug and a config file error. The submission included an unreliable exploit demonstrating one of the bugs. We’ve fixed most of these bugs already.
In particular, we’d like to thank Pinkie Pie for honoring the spirit of the competition by disclosing a partial exploit at the deadline, rather than holding on to bugs in lieu of an end-to-end exploit. This means that we can find fixes sooner, target new hardening measures and keep users safe.
In the parallel Pwn2Own contest, participants attacked many different browsers and plug-ins. There was a top prize on the line for Chrome, which was claimed by Nils and Jon of MWR Labs. Of the two bugs used, one bug was in Chrome code, which we fixed in 24 hours. Thankfully, recently deployed hardening measures protected Chrome OS users. The second bug was in the Windows kernel. The new Pwn2Own rules required the researcher to hand the bug and exploit over to Microsoft, so we’re delighted that the Chrome entry will make other products safer, beyond just Chrome.
While these security gatherings and live competitions are fun, we also want to highlight the ongoing Chromium Vulnerability Reward Program, which covers not only the Chrome desktop browser, but also all Chrome OS components and Chrome on mobile devices. We’ve given away more than $900,000 in rewards over the years and we’re itching to give more, as engaging the security community is one of the best ways to keep all Internet users safe.
Time to go back to IE? Now here is something you won’t hear that often. Despite the common hate for Adobe’s Flash and Oracle’s Java plugins, it looks like they are not the major offenders when it comes to the actual number of vulnerabilities. According to the latest report by security firm Secunia, Google Chrome, [...]
Linux, once again, proved to be far more secure than most other operating systems as Google's Linux-based Chrome OS shrugged off its attackers at the $3.14-million Pwnium cracking competition.
Once again, a Microsoft partner claims that Linux is less secure than Windows. What else would they say?
Google is offering a pi (that's $3.14159 million) in prizes for cracking Chrome OS.
Security is one of the core tenets of Chrome, but no software is perfect, and security bugs slip through even the best development and review processes. That’s why we’ve continued to engage with the security research community to help us find and fix vulnerabilities. Recently, HP’s Zero Day Initiative (ZDI) announced details for the annual Pwn2Own competition, to be held at the CanSecWest security conference taking place March 6-8 in Vancouver, BC. This year we’ve teamed up with ZDI by working together on the Pwn2Own rules and by underwriting a portion of the winnings for all targets. The new rules are designed to enable a contest that significantly improves Internet security for everyone. At the same time, the best researchers in the industry get to showcase their skills and take home some generous rewards.
Today we’re announcing our third Pwnium competition—Pwnium 3. Google Chrome is already featured in the Pwn2Own competition this year, so Pwnium 3 will have a new focus: Chrome OS.
We’ll issue Pwnium 3 rewards for Chrome OS at the following levels, up to a total of $3.14159 million USD:
Today, when users are signed in to Google, Chrome sends their searches from the Chrome address bar (“omnibox”) over Secure Sockets Layer (SSL). Starting with Chrome 25 (currently in the Dev and Beta channels), we’re doing the same thing for Chrome omnibox searches performed by users who aren’t signed in to Google.
Serving content over SSL provides users with a more secure and private search experience. It helps ensure that malicious actors who might intercept people’s internet traffic can’t see their queries. Many major sites have begun serving content over SSL by default, such as Gmail in early 2010, Twitter in February 2012, and Facebook in November 2012. Search has also been moving toward encryption. Google introduced Encrypted Search in May 2010 and made encryption the default for signed-in users starting in October 2011. Firefox announced a switch to SSL for all Google searches in July 2012, and Safari did the same thing in September 2012. Chrome is continuing this trend.
Well-known developer Matthew Garrett has just made it easier for Linux to boot on PCs locked down with Windows 8 Secure Boot.
Sandboxing is a layer of security that Chrome places between an attacker and the user's computer, aiming to isolate an attacker who has successfully exploited a vulnerability. When contained in a sandbox jail, an attacker will typically look for porous or fragile bits in the walls to throw rocks at. That is, he’ll try to gain additional privileges by taking advantage of other vulnerabilities. Our job is to make the virtual walls of the sandbox as strong and impenetrable as possible.
One juicy target for attackers is the operating system’s kernel: a large and complex code base. The latest stable version of Chrome introduces a new layer of sandboxing of Chrome renderers for the 64-bit versions of Chrome OS and Linux, based on a new kernel feature called seccomp-bpf. With seccomp-bpf we’ll install a small filter in the kernel that will quickly reject many of the rocks thrown by an attacker. A simple example: if we know that Chrome renderers don’t need a system call such as vmsplice, or a facility such as “inotify”, we can just deny them completely. We use a broker process model to keep the list of allowed system calls small.
Installing this filter in the kernel improves the security of our users. But it is just the beginning: using this new facility, we’ll continue to make the sandbox safer.
This new sandbox layer is automatically baked into the latest version of Chrome OS. On Linux, you can check by going to chrome://sandbox and looking for “Seccomp-BPF sandbox Yes”. If this is not available, ask your Linux distribution to include and enable seccomp-bpf in its kernel, as Ubuntu has done since version 12.04.
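As an added illustration of the mechanism described above (not Chrome's own sandbox code), here is a minimal seccomp-bpf filter that rejects vmsplice and inotify_init1 with EPERM and allows everything else; the function and macro names are my own, and the filter kills the process on an unexpected syscall ABI so that compat syscall numbers cannot slip past the denylist.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Arch tag the filter expects; a different ABI (e.g. 32-bit compat calls on a
 * 64-bit kernel) renumbers syscalls, so it is killed rather than number-matched. */
#if defined(__x86_64__)
#define EXPECTED_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define EXPECTED_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH value for this platform"
#endif

/* Two BPF instructions: if the loaded nr equals (nr) return EPERM, else fall through. */
#define DENY_SYSCALL(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA))

/* Install a seccomp-bpf filter on the calling process that rejects vmsplice
 * and inotify_init1 with EPERM and allows every other syscall.
 * Returns 0 on success, -1 on failure (errno set). Hypothetical helper name. */
int install_renderer_denylist(void) {
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, EXPECTED_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        DENY_SYSCALL(__NR_vmsplice),
        DENY_SYSCALL(__NR_inotify_init1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { sizeof(filter) / sizeof(filter[0]), filter };
    /* Without no_new_privs an unprivileged process may not install a filter. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Probe: the errno vmsplice(-1, ...) fails with. Once the filter is in place
 * this is EPERM, because the filter answers before the kernel looks at the fd. */
int probe_vmsplice(void) {
    if (syscall(SYS_vmsplice, -1, NULL, 0, 0) == 0) return 0;
    return errno;
}
```

Note that the filter is inherited by every thread and child created after installation and cannot be removed, which is exactly the property a renderer sandbox wants.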
As always, you can report bugs and issues here, by clicking on “New issue”.
Chrome: When you need to send a private email to someone, you don't want it to sit around and be easily readable by anyone. SafeGmail is a Chrome extension that adds PGP-like encryption to your emails, and requires a simple answer to a question to unlock.
A badly written FBI warning about Android malware has been taken to be about Android's security, when it's really about idiot users.
And a laptop. Following the recent Pwnium 2 competition, a hacker nicknamed “Pinkie Pie” has successfully compromised Google’s Chrome web browser and received a free Chromebook and a cash prize of $60,000. Earlier this year, Pinkie Pie and Sergey Glazunov also reaped a reward of $60,000 each, following the successful escape of everyone’s beloved sandbox. [...]
We’re happy to confirm that we received a valid exploit from returning pwner, Pinkie Pie. This pwn relies on a WebKit Scalable Vector Graphics (SVG) compromise to exploit the renderer process and a second bug in the IPC layer to escape the Chrome sandbox. Since this exploit depends entirely on bugs within Chrome to achieve code execution, it qualifies for our highest award level as a “full Chrome exploit,” a $60,000 prize and free Chromebook.
Security is one of Chrome’s core principles, and we work closely with the security community to continually make the web safer for users. In that spirit, we're hosting Pwnium 2 at Hack in the Box 2012 in Kuala Lumpur this week.
Participants will be able to demonstrate their pwns against Chrome at 9 a.m. Wednesday local time (1 a.m. GMT for folks keeping track). We’ll be actively analyzing any submissions we receive, and will announce successful exploits and prizes during our talk at 5 p.m. Thursday (9 a.m. GMT) on the evolution of Chrome’s vulnerability rewards program.
Recently, Google has released a new stable build of its desktop web browser, which includes a new sandbox architecture. Now, the search giant has shared some good news with its Android users, as they too will be receiving a new build that strengthens the web browser’s security. According to the recent blog post, Chrome for Android [...]
There are numerous reasons to make sure that your web browser does not leak information to the Internet or to the browser maker when that is not required for functionality you use. Preferences that control features such as third-party cookies or prefetching are usually not found in a single location where they can be easily managed.
When it comes to privacy in Google Chrome, preferences can be found on the browser’s settings page and on the experimental chrome://flags page.
The Google Chrome extension Privacy Manager tries to resolve these issues by providing one-click access to these privacy settings. It adds an icon to the browser’s address bar on install that displays all privacy management options that it makes available in the browser.
All privacy related settings can be turned on or off with a single click of the mouse button:
- Third party cookies
- Auto fill – Automatically fill out forms
- Instant mode – Chrome will search for and display search suggestions in the address bar while you type
- Safe browsing mode
- Search suggestions
- Spelling service
- Translation service
- Hyperlink auditing – Chrome can send auditing pings when enabled
- Referrers – Can break websites if disabled
- Network Predictions – Pre-resolving DNS queries and prefetching websites
- Alternate error pages
You can move the mouse cursor over the information icon to display information about one of the privacy settings; helpful if you do not know how the feature is related to your privacy on the Internet. All settings are privacy related, with some enabled and others disabled. If you do not mind the implications, you get fast access to some experimental features here that you can enable in the browser. It is important to note that some settings, referrers for instance, may break websites when disabled.
Privacy Manager’s second big feature is the option to clean data when the browser starts. This works similarly to the browser’s own clear browsing data feature, but with additional data locations to select, including, among others, Web SQL and file systems.
Chrome: If you tweak Chrome's privacy settings pretty often (like cookies, autofill, history, and others), Privacy Manager puts every single one of those settings in a simple dropdown, with on/off toggles for each one.
Or more… Even though Google has already paid more than $1 million dollars for bug reports, the search giant has recently announced that they will be increasing the budget for its Chromium Vulnerability Rewards Program. According to the official blog post, bug hunters will now receive a bonus of $1,000 or more for every security [...]