Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Google Chrome Updates Available - just in time for Pwn2Own - SANS Internet Storm Center SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Google Chrome Updates Available - just in time for Pwn2Own

The Pwn2Own contest by HP Tipping Point held at CanSecWest each year has a new sponsor this year. Google.

Google has offered up a bounty for breaking into Google Chrome.  As a seemingly direct defensive measure to prevent a big pay out, Google has published updates the day before the competition kicks off that fix numerous problems.

Yesterday, Google published 23 updates for the Chrome browser.  15 of them were rated high by Google.  So get those browers patched!

The nice part is Credit and Cash go to the individuals that report and assist with patch development.

Kevin Shortt
ISC Handler on Duty

Kevin Shortt

85 Posts
ISC Handler
Mar 9th 2011
Haven't the browsers already been frozen for the contest? If so, doesn't releasing updates just give people something to reverse engineer to get new exploits (not that they need it)?

5 Posts
The timing is definitely suggestive of something. If it's true that browser versions have been frozen already for the contest, then maybe Google wanted to patch a vulnerability that they've discovered someone intends to use tomorrow.

It's a fair bet that Google would know such a thing, what with their tentacles crawling most of the web and social networks, extensive mailing list and newsgroup archives, access to private emails sent to or from any gmail user or even illegal wifi sniffing activities.

Being able to say "but it's okay, we patched it yesterday" would give their PR people a reasonable comeback if they get 'owned' at a competition they've created lots of hype over this year, in a bid to gain more users of their usage-tracking web browser.
Steven C.

171 Posts

Sign Up for Free or Log In to start participating in the conversation!