Linked by Thom Holwerda on Fri 9th Mar 2012 09:43 UTC, submitted by bowkota
"As day one of the annual Pwn2Own hacker contest wound down on Wednesday, no browser suffered more abuse than Google Chrome, which was felled by an attack exploiting a previously unknown vulnerability in the most up-to-date version. Combined with a separate contest Google sponsored a few feet away, it was the second zero-day attack visited on Chrome in a span of a few hours." Google fixed the issue within 24 hours.
Comment by mantrik00
by mantrik00 on Fri 9th Mar 2012 14:46 UTC
mantrik00
Member since:
2011-07-06

The Chrome hack video (http://youtu.be/c8cQ0yU89sk) from Vupen (quoted in Ars Technica) showed Chrome browser version as v11. The hack may be only theoretical (meant for sensational headlines). Chrome's auto-update policy would have ensured that all its users would be running the current version, i.e., Chrome v17 or v18 (with that hole plugged).

Unless I missed something, only Sergey Glazunov's exploit demonstrated in Google's contest pertained to the latest version of the browser.

Reply Score: 2

RE: Comment by mantrik00
by geleto on Fri 9th Mar 2012 16:09 in reply to "Comment by mantrik00"
geleto Member since:
2005-07-06

The competition also involves on-the-spot writing of exploits for previously patched vulnerabilities. That should explain why Chrome v11 is used.

Reply Parent Score: 1

RE: Comment by mantrik00
by Erunno on Fri 9th Mar 2012 17:05 in reply to "Comment by mantrik00"
Erunno Member since:
2007-06-22

Chrome's auto-update policy would have ensured that all its users would be running the current version, i.e., Chrome v17 or v18 (with that hole plugged).


For unknown reasons (at least to me) Chrome has a growing long tail of users who are not updated to the latest version.

Reply Parent Score: 2

RE[2]: Comment by mantrik00
by bassbeast on Sat 10th Mar 2012 00:11 in reply to "RE: Comment by mantrik00"
bassbeast Member since:
2007-11-11

Probably because they have run into a website that the new one is incompatible with, or their OS doesn't like the new one? I've run into that myself with Dragon (Chromium based) with one customer who has a little website she likes to go to that simply hangs on anything newer than Dragon 12, and I myself have stopped at Dragon 14 for a while because anything over that doesn't seem to like the shell I have for XP.

I'm backing up my user folder now to try the latest release but if it doesn't load the websites I use correctly or hangs I'll be going back to 14 as it's not worth changing the OS or jumping through hoops just to have the latest and greatest on an old nettop.

Reply Parent Score: 1

RE[2]: Comment by mantrik00
by zima on Fri 16th Mar 2012 23:26 in reply to "RE: Comment by mantrik00"
zima Member since:
2005-07-06

I suppose the update process could also be simply failing for various reasons, which would accumulate on more and more machines, over time - for example, starting with a simple lack of enough free space on C (yeah, you'd think that's unheard of; but, I can imagine a small portion of people somehow mostly filling it up, after Chrome installation, then just moving to other drives for their "usual" storage ...while Chrome - relatively hungry for free space during updates - languishes)

Reply Parent Score: 2