# Google patches Pwn2Own WebKit bug in Chrome



## Glaswegian (Sep 16, 2005)

Google has patched a WebKit flaw in its Chrome browser that was exploited by a multinational team to hack the BlackBerry Torch smartphone at Pwn2Own.

Although Chrome was unchallenged at Pwn2Own, the browser relies on the open-source WebKit browser engine, and so needed to be patched.

Friday's Chrome update made Google the first browser developer to patch a vulnerability used at Pwn2Own, the hacking contest sponsored by HP TippingPoint and its Zero Day Initiative (ZDI) bug bounty program. Pwn2Own ran Wednesday through Friday and handed out $60,000 in prize money to four individuals or teams.

Last Thursday, Vincenzo Iozzo, Willem Pinckaers and Ralf-Philipp Weinmann won $15,000 by hacking Research in Motion's BlackBerry Torch with an exploit of a WebKit vulnerability in the BlackBerry's browser. The same day, Dion Blazakis and four-time winner Charlie Miller exploited a different WebKit flaw in Apple's Safari browser on the iPhone 4.

According to Google, the WebKit bug exploited by Iozzo, Pinckaers and Weinmann was a "memory corruption in style handling." Google rated the threat to users as "high," its second-most-dire ranking.

As is Google's practice, it locked access to its bug tracker to bar outsiders from viewing the technical details of the just-patched vulnerability. The company blocks public access to flaws for weeks or even months to give users time to update.

Apple, which will need to patch the same WebKit bug that Google addressed, as well as the one that Blazakis and Miller exploited, does not comment on its security update process.

Google also awarded Iozzo, Pinckaers and Weinmann $1,337 from its own bug bounty program, adding to their cash take for the Pwn2Own hack.

Neither Chrome nor Mozilla's Firefox were challenged at last week's Pwn2Own: Researchers who had earlier signed up to take on the browsers didn't show or withdrew because they had failed to come up with reliable exploits in time for the contest.

Employees of both Mozilla and Google touted the browsers' survival skills.

"Whew, Firefox survived #pwn2own 2011. This is not a laurel we are resting on, but I'm still happy about it," said Brendan Eich, Mozilla's CTO, in a tweet last week. "Congrats to Chrome surviving, too."

"Both surviving browsers: open source, have bounty programs, have embedded security teams, better at faster fixes. Coincidence?" tweeted Chris Evans, an engineer on the Chrome security team.

Smartphones running Google's Android and Microsoft Windows Phone 7 operating systems also escaped Pwn2Own unscathed.

Last week's contest was the third consecutive Pwn2Own that Chrome was not exploited by researchers. It was the first time for Firefox since browsers were designated as targets in 2009.


Google patches Pwn2Own WebKit bug in Chrome - Computerworld


----------

