Yesterday we mentioned how all the popular browsers were falling one after another, before the hands of skilled hackers in Pwn2Own 2009 contest, organized by CanSecWest.After the first day of the competition at Pwn2Own contest, Chrome is the only browser that is still alive, while Safari, Internet Explorer 8 and Firefox have succumbed to the ability of hackers. Pretty disappointing, especially in the case of Safari and Firefox, of which most of us expect security.
First we explain a little about the contest: It is divided into three days, which impose certain limitations on how computers can be hacked through browsers.
- On first day,attacks can only be made directly from browser visiting a link, without using plugins (like Flash).
- On 2 day, they can use exploits that have been found in the browser’s plugins such as Flash, Java,. Net, Quicktime, to hack the PC
- The rules are more lax on 3 day,popular apps such as acrobat reader come in to play
How Google Chrome survived?
So, Chrome seems to be the big winner, which is largely due to its sandbox feature, which isolates it from potential security holes.
According to the Chromium Blog:
A sandbox is security mechanism used to run an application in a restricted environment. If an attacker is able to exploit the browser in a way that lets him run arbitrary code on the machine, the sandbox would help prevent this code from causing damage to the system. The sandbox would also help prevent this exploit from modifying and even reading your files or any information on the system.
The Chromium Blog has an extensive article on this, it is worth reading. If you want you can check out here A new approach to browser security.
who knows chrome may fall in the reaming 2 days? of course this is the idea of the competition once they have greater freedoms to use plugins or external applications, it is almost certain that Chrome will fall like the rest. However, having survived the first day is an achievement.