Hacker hacks into Google Chrome and wins $60,000

“Pinkie Pie” won himself $60,000 after successfully hacking into Google Chrome by exploiting a security hole during Tuesday’s Pwnium 2 contest that was held at the Hack in the Box 2012 event in Kuala Lumpur, Malaysia.

“Pinkie Pie” won himself $60,000 after successfully hacking into Google Chrome by exploiting a security hole during  Tuesday’s Pwnium 2 contest  that was held at the Hack in the Box 2012 event in Kuala Lumpur, Malaysia.

In an effort to shore up its browser’s defenses, Google holds the competition to challenge hackers to hack their way through Chrome’s security to find previously unknown holes.

A statement posted on their blog read:

“As part of our ongoing effort to reward exceptional vulnerability research in the security community, we hosted the Pwnium 2 competition at Hack in the Box 2012 in Kuala Lumpur yesterday.

We’re happy to confirm that we received a valid exploit from returning pwner, Pinkie Pie. This pwn relies on a WebKit Scalable Vector Graphics (SVG) compromise to exploit the renderer process and a second bug in the IPC layer to escape the Chrome sandbox. Since this exploit depends entirely on bugs within Chrome to achieve code execution, it qualifies for our highest award level as a “full Chrome exploit,” a $60,000 prize and free Chromebook.

One of Chrome’s most effective security defenses is our fast response time and ability to update users with critical patches, quickly. These bugs were no exception. We started analyzing the exploit as soon as it was submitted, and in fewer than 10 hours after Pwnium 2 concluded we were updating users with a freshly patched version of Chrome.

We’d like to thank Pinkie Pie for his hard work in assembling another great Pwnium submission. We’ll post an in-depth look at the bugs used and subsequent mitigations once other platforms have been patched.”

Google’s Chrome team quickly jumped on the exploit as soon as it was discovered, leading to an update to the browser to patch the hole after just 10 hours.

Additional report from Cnet and The Chromium blog