Google has been touting its Chrome browser as one of the most robust and secure browsers on the market and this so much that they put up a $1 million treasure chest for anyone who could demonstrate any security lapse in the browser. Well, this has been going on for a while with Google always going back home from the annual Pwn2Own contest with their money intact, that is, until this year.
This year a Russian student was able to hack the browser and demonstrate to Google engineers the hack and for that he went home $60K richer. The hack, which the student had to demonstrate to Google engineers privately, will probably remain unknown as Google has declined to offer more on what the hack was and what vulnerability it exploited.
This is expected because other web browsers such as Mozilla Firefox and Apple’s Safari are also built on the same standards and same technology and as such, any security breach that would affect Chrome could very well be used against the other browsers. Needless to say, Google engineers were able to create a patch for the vulnerability in under 24 hours and issued the same as an automatic update to all Chrome users.
Security issues in browsers are issues few web browser users understand and yet they are the most exploited owing to the fact that all sensitive data has to pass through a browser interface in order to access the Internet. The Chrome breach has been code-named CVE-2011-3046 and all Google will say about it is that it had something to do with “UXSS and bad history navigation”, which is tech-speak for mind your own business!
