[ISN] Teen Exploits Three Zero-Day Vulns for $60K Win in Google Chrome Hack Contest

[InfoSec News <alerts@xxxxxxxxxxxxxxx>]

http://www.wired.com/threatlevel/2012/03/zero-days-for-chrome/

By Kim Zetter
Threat Level
Wired.com
March 9, 2012

VANCOUVER, British Columbia -- Just hours before the end of Googleâs $1 
million hack challenge, a teenager who once applied to work at Google 
without getting a response, hacked the companyâs Chrome browser using 
three zero-day vulnerabilities, one of which allowed him to escape the 
browserâs security sandbox.

The tall teen, who asked to be identified only by his handle âPinkie 
Pieâ because his employer did not authorize his activity, spent just a 
week and a half to find the vulnerabilities and craft the exploit, 
achieving stability only in the last hours of the contest.

A demonstration of the teenâs hack took a slight departure from other 
hack demonstrations this week. Instead of opening the calculator 
application on the targeted machine to demonstrate success, Pinkie Pieâs 
hack ended with an image of an axe-wielding Pinkie Pie pony, a character 
from the wildly popular My Little Pony animated TV series.

The hack qualifies him for one of the top $60,000 prizes that are part 
of Googleâs $1 million Pwnium challenge, and could be the launch of a 
new security career.

[...]

______________________________________________________________________________
Learn how to be a Pen Tester or a CISSP with Expanding Security online. Get
a free class invitation and see how good and fun the program really is.
http://www.expandingsecurity.com/PainPill