Google’s Chrome internet browser has remained the high water mark for web browser security for four years but that legacy has finally been broken.  Chrome, which entered the browser marketplace back in 2008 quickly gained a name for itself for being the fastest web browser as well as functionally hacker proof.  Google has taken part in Pwn2Own—a security competition run by HP—for the last four years and matched Chrome against the likes of Safari, Internet Explorer and Firefox.  For four years Chrome remained the sole competitor un-hacked by the competitors.

This year however, Google let their pride get the best of them and offered a $60,000 prize for anyone who could crack their code.  A Russian college student stepped up to the challenge during the Google hosted Pwnium event.  Sergey Glazunov submitted a hack that completely bypassed the security measures built into the Chrome browser.  ZDNet reports that a previously undiscovered exploit was used to bypass its “sandbox”—a restriction designed to stop hackers from accessing the rest of a user’s computer even if they do compromise the browser. When asked about the exploit, Justin Schuh, a member of the Chrome security team, revealed that the exploit was specific to Chrome and bypassed the browser security sandbox entirely.  ”It didn’t break out of the sandbox

[but] it avoided the sandbox,” Schuh said in an interview.

Google was left embarrassed a second time as a French security firm showed that they had their own hack to bypass the browser; a feat that was accomplished in only five minutes.

Google is already working on fixes for the exploits and expects to have the solutions released within days as part of Chromes automatic system updates.  Regardless, Google can no longer flaunt Chrome as the hack proof browser and reinforces the adage that there is no such thing as a truly secure security system.

– Richard Keene
IT Computer Support of New York
Design and Optimization Department