Google's Chrome was 'hackable' at Pwn2Own contest!

[samuelvirucide]

Hi avast forum members,

   Google's Chrome was 'hackable' at Pwn2Own contest.

         

[RejZoR]

Well, they are talking about chrome sandboxed environment, but all you have to do is to redirect user to a malicious site and offer him a downloadable file that then takes control over PC. Chrome doesn't protect from that at all.
And most of users would download and execute the thing for sure.

[Lisandro]

Won't it occur with other browsers either?

[Alan Baxter]

A user can always intentionally download a malicious file from a web site, no matter what browser is being used.  That isn't what it means "to hack a browser".  In the Pwn2Own contest, the browsers were hacked by merely having the user visit a malicious web site.  No intentional download was necessary.  It turns out Chrome had the same vulnerability that Safari did, but no one happened to used that to compromise Chrome in the contest.

[polonus]

Hi Alan Baxter,

I have SRWare's Iron (a GoogleChrome variety without some of the Google specific privacy issues), but I find that avast supports it with their shields, and seen to the recent infestations of reputable sites and how avast protects us there, the avast shields are "top of the bill" really "high class", well nothing actually beats the NoScript protection as one uses a browser that supports that extension or the Proxomitron solution for other browsers without NoScript, re: http://forum.avast.com/index.php?topic=45345.0

polonus

[RejZoR]

Won't it occur with other browsers either?

Thats the exact point. They don't need any special hacks or anything, just naive user.

[Marc57]

Won't it occur with other browsers either?

Thats the exact point. They don't need any special hacks or anything, just naive user.

So,So true. A while back, I actually had one of the people whose computers I keep up call and ask me how to turn Avast off. When I asked why, They said that there was something they REALLY wanted to download and Avast kept telling them that it was infected. I then had to explain AGAIN that if Avast alerts, You don't want it. ( I also checked it on VT and it was infected)

I'm beginning to think that there should be a law that people should have to take a class in computer security before they're allowed to own a computer. 

[Lisandro]

I'm beginning to think that there should be a law that people should have to take a class in computer security before they're allowed to own a computer. 

People need to learn how to drive a car.
People think that a computer is different than a car and want to work with it without knowing how it works.

[polonus]

Hi Tech,

That is why half of the normal user PCs is owned by someone else than the man, woman or kid sitting between the keyboard and the chair near that particular PC. Why do you think so many PCs are part of a bot-network or combined bot-network, a zombie machine so to say, because everybody with two index fingers thinks he, she or it is ready to work a computer. They should have a computer license and know how to protect themselves. Now they only know you can click three ways - click left, click right and click it away, and that all by default. If the situation was not that hopeless, one could see it really is hilarious.
Computing is one of the few things in life that you do not have to be trained or educated for, which actually is not so bad for the av vendor and the repair man after all,

polonus