Anatomy of a hack: 6 separate bugs needed to bring down Google browser (opens in new tab)

(arstechnica.com)

54 pointsfelipe_csl14y ago12 comments

12 comments

The scary part was the limitation that hackers weren't allowed to exploit Windows vulnerabilities. When you think of how many unpatched Windows 7 (or older) machines are out there it's no wonder botnets keep growing..

fennecfoxen14y ago

I thought the scary part was the pink my-little-pony wielding a battle-axe that Pinkie Pie chose as his ("his?" ... i assume) mascot. ;) But then, different things scare different people different ways, and maybe I've just become numb the Windows-scare already.

Zirro14y ago

Actually, that "pink my-little-pony wielding a battle-axe"-pony is Pinkie Pie (http://mlp.wikia.com/wiki/Pinkie_Pie) ;)

She's known for being able to break the fourth wall (unlike the other ponies in FiM) and doing other "impossible" things, which I'm figuring the hacker may have connected to breaking out of a sandbox.

You may also want to see: https://secure.wikimedia.org/wikipedia/en/wiki/My_Little_Pon...

nodata14y ago

How many unpatched Windows 7 boxes are there? Do you have any numbers. I thought automatic updates were enabled by default on them.

lloeki14y ago

> the limitation that hackers weren't allowed to exploit Windows vulnerabilities

He guessed "some predictable addresses allocated by Windows" though. Not detracting from the achievement, but this could arguably be stashed in the non-Chrome side of things.

lmm14y ago

It's normal, and necessary, for the operating system to provide access to standard library functions; the easiest way to do this is having them at well-known addresses. Admittedly windows could do address space randomization which would make the exploit harder, but it should still be possible even with that.

josteink14y ago

Admittedly windows could do address space randomization which would make the exploit harder

According to Wikipedia, Windows provides one of the best ASLR on the market. I'm not sure why you are singling out Windows as a weak point here.

Windows has for a long time been the prime target of most exploits, and thus have spent considerable effort, on OS-level, to prevent the potential damage. OS X for instance, has almost none of the OS-level security features found in Windows and is a much easier target to exploit.

http://en.wikipedia.org/wiki/Address_space_layout_randomizat...

1 more reply

sparknlaunch1214y ago

Where do many of these hackers come from? What is their background?

I ask, as wish to know at a high level what tools and code they are using to find and exploit Chrome.

1 more reply

unreal3714y ago

The article makes it sound like since "6 separate bugs" were needed to bring down Chrome, it proves that its a more secure browser (than presumably IE or Firefox). But in 10 days a teenager found 6 bugs in Chrome in 2012? That doesn't sound more secure.

Xlythe14y ago

It's probably easier to find bugs the deeper you get. There's the assumption that you're authorized, and fewer people get that deep so exploits come up less. It's far from ideal, but most of the issues are listed as low (2) or medium (2). Only one is listed as high (though the last is undisclosed).

cooldeal14y ago

Yes, "Teen pwns Chrome in 10 days, how long will it take China?" can easily be the headline.

j / k navigate · click thread line to collapse

12 comments

slaven14y ago

fennecfoxen14y ago

Zirro14y ago

Actually, that "pink my-little-pony wielding a battle-axe"-pony is Pinkie Pie (http://mlp.wikia.com/wiki/Pinkie_Pie) ;)

You may also want to see: https://secure.wikimedia.org/wikipedia/en/wiki/My_Little_Pon...

nodata14y ago

How many unpatched Windows 7 boxes are there? Do you have any numbers. I thought automatic updates were enabled by default on them.

lloeki14y ago

> the limitation that hackers weren't allowed to exploit Windows vulnerabilities

He guessed "some predictable addresses allocated by Windows" though. Not detracting from the achievement, but this could arguably be stashed in the non-Chrome side of things.

lmm14y ago

josteink14y ago

Admittedly windows could do address space randomization which would make the exploit harder

According to Wikipedia, Windows provides one of the best ASLR on the market. I'm not sure why you are singling out Windows as a weak point here.

http://en.wikipedia.org/wiki/Address_space_layout_randomizat...

1 more reply

sparknlaunch1214y ago

Where do many of these hackers come from? What is their background?

I ask, as wish to know at a high level what tools and code they are using to find and exploit Chrome.

1 more reply

unreal3714y ago

Xlythe14y ago

cooldeal14y ago

Yes, "Teen pwns Chrome in 10 days, how long will it take China?" can easily be the headline.

j / k navigate · click thread line to collapse