Chrome Safer Because it Is Harder to Crack
Article by George Norman
On 25 Mar 2009
At the PWN2OWN competition which we reported upon a little while back (details here), Charlie Miller, last year’s defending champion, and German computer science student Nils managed to exploit security holes affecting three of the most popular browsers out there: Microsoft IE8, Apple Safari, and Mozilla Firefox. The only browser to withstand the hacker attacks was the Google developed Chrome browser. What this means is that alongside a very speedy browser, Chrome can also boast about being safer as well.

“We are all wrapped up from this years CanSecWest and pwn2own contest, and again it was a great conference, and a successful competition. The contest uncovered 4 new and unique critical vulnerabilities affecting the latest and greatest versions of IE, Safari and Firefox. The Chrome browser gets a small nod for being impacted by one of the flaws, although exploit is not possible using any current known techniques. I’m sure they’ll get it fixed up just the same,” said Manager of Security Response with TippingPoint, Terri Forslof.


According to Charlie Miller, the hacker that during this year’s competition managed to break Apple’s Safari in about 10 seconds (a considerable improvement compared to last year, when he hacked Safari as well), all are plagued by some sort of vulnerability. The question is not if there is a vulnerability to be discovered, because there certainly is, but how hard it is to find and exploit this vulnerability. While Apple’s Mac OS X offers “no hurdle to jump through” and as such exploiting Safari is a piece of cake, Charlie Miller agrees that the Chrome browser is in a league of its own.

“There are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. The’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things — you can’t execute on the heap, the OS protections in Windows and the Sandbox. I might have this bug and I might be able to get code execution. But now you’re in a sandbox and you have no permissions to do anything. You need another bug to get out of the sandbox. Now you need two bugs and two exploits. That raises the bar," said Miller.

Tags: Google, Chrome
About the author: George Norman
George is a news editor.
You can follow him on Google+, Facebook or Twitter

I Hope you LIKE this blog post! Thank you!
What do YOU have to say about this
blog comments powered by Disqus
Popular News
By George Norman on 17 Aug 2017
With the blockbuster movie season upon us, Sony decided to celebrate the occasion with a sale: the Attack of the Blockbusters Sale that offers discounts of up to 50% (60% if you’re a PlayStation Plus member) on a ton of PS4 video games.
By George Norman on 17 Aug 2017
Samsung’s new T5 portable solid-state drive (PSSD) uses the latest 64-layer V-NAND technology, offers between 250GB and 2TB of storage capacity, has a lightweight and shock-resistant design that’s smaller than the average business card, and delivers industry-leading transfer speeds of up to 540 MB/s.
Related News
Sponsored Links
Hot Software Updates
Top Downloads
Become A Fan!
Link To Us!
Chrome Safer Because it Is Harder to Crack
HTML Linking Code