Chrome Blog
The latest news from the Google Chrome team
Pwnium: great exploits, fast patches
Thursday, March 15, 2012
Last week we debuted Pwnium, a contest based on our Chromium Security Rewards program. Both of these initiatives reward well-intentioned researchers who help make the web a safer place by reporting security vulnerabilities. Our total payout to researchers for these programs is now well over half a million dollars.
We weren’t sure what kinds of reports we would get from Pwnium, but by the end of the week we were thrilled to have awarded $120,000 for two excellent submissions. Thanks to Chrome’s rapid auto-update functionality, we were able to update Chrome twice, in both cases protecting users less than 24 hours after the respective bugs were reported. While these vulnerabilities were reported directly and privately to us, this kind of speed is especially important if bugs were ever being actively abused to harm users.
Since the full exploits were disclosed, we were able to study them and add a range of additional defensive measures based on what we saw. These measures will make Chrome more secure from any similar hacks in the future. We’ll publish write-ups to honor these two highly creative works in the coming weeks.
Also last week, a separate exploit for Chrome was demonstrated at the Pwn2Own competition. We’ve since learned that the bug exploited a vulnerability in the Flash Player plug-in -- affecting all browsers. The contest organizers have reported the vulnerability details directly and privately to Adobe, and Adobe will be providing a fix as part of its forthcoming Flash Player update. When that happens, Chrome users will enjoy the advantage of an auto-update and quick protection. Looking forward, Adobe and Google are collaborating on a version of Flash Player which will run inside the primary Chrome sandbox. Chrome OS devices already ship with this next-generation sandbox for Flash Player.
Engaging the wider security community is one of our core security principles, and Pwnium is a great example of the benefits of this type of collaboration. Our special thanks to the contestants for their exceptional contributions to security on the web.
Posted by Chris Evans and Travis McCoy, Chrome Security Team