http://2.bp.blogspot.com/_Fw4BZ6O1Rrw/Sjpld8_K5jI/AAAAAAAACr8/pMFHKKd7aVI/s400/Google+Chrome+Logo.pngPwn2Own 2010: Google Chrome is the last man standing
Mar 25th 2010 at 9:01AM

" Pwn2Own 2010 is under way, and after day one of the annual security showdown the results are darn near an exact replica of last year's. Safari was the first to fall, followed by Internet Explorer 8 on Windows 7. Firefox on Windows 7 x64 was also taken down, as was the iPhone's mobile Safari. Google Chrome, however, has yet to succumb.

Once again, it's Chrome's sandbox which is making things difficult. At last year's Pwn2Own, Charlie Miller had this to say:

"There are bugs in Chrome but they're very hard to exploit. I have a Chrome vulnerability right now but I don't know how to exploit it. It's really hard. They've got that sandbox model that's hard to get out of. With Chrome, it's a combination of things - you can't execute on the heap, the OS protections in Windows and the Sandbox."

Miller successfully targeted Safari on OsX using one of 20 exploits he had at the ready -- exploits which he uncovered using a simple 5-line Python script. "Tomorrow, I'm going to describe exactly how I found them, so hopefully that means Apple will replicate what I did and they'll find my 20 and probably a lot more," Miller stated.

The mobile Safari attack was particularly impressive, since running code on the iPhone requires a valid digital signature. By rearranging bits of pre-signed code, Halvar Flake of Zynamics was able to deliver a malicious payload via Safari and force the iPhone to cough up its complete SMS database. Contacts and messages were laid bare -- including deleted ones.

While most (if not all) of these exploits aren't being used in the wild, it's still an indication of just how scary the landscape of the Internet is right now. How do you stay safe? Google Chrome looks like a good choice, obviously, but there's another option: Opera.

As one participant put it, "I use Opera, but that's basically because it has a tiny market share and as far as I know, nobody is really interested in creating a drive-by download for Opera."

Gotta love security by obscurity -- am I right, Apple fans? "

:source: [b]Source: Pwn2Own 2010: Google Chrome is the last man standing (http://www.downloadsquad.com/2010/03/25/pwn2own-2010-google-chrome-is-the-last-man-standing/):view: Homepage: http://www.downloadsquad.com/

I'm trying to get in the habit of using sandboxie with whatever browser I'm using at the moment. They say the 64 bit version of ie8 is also very isolated and secure.

I came a little.

interesting. wonder if there are any performance penalties in chrome for being so secure

Actually Chrome is faster than firefox or ie. I will switch when AB+ is available for it.

Actually Chrome is faster than firefox or ie.

Is it faster than Opera 10.50? :naughty:

If chome has more optional extensions as firefox,mostly something like ABP and many other excellent ones，I bet chrome will have a large share。
Now I’m using firefox with noscript，it's much safer！

I didn't find no script to be worth the hassle. If a site is compromised you can still be attacked through your white list fwir. I like the virtualized security like sandboxie but noscript could still be cool to see whats going on.

I use NoScript... it's annoying to set up your initial whitelist of sites you frequent but afterwards it works quite well. CookieSafe is another decent extension that works just like NoScript does except with cookies rather than scripts.

CookieSafe is another decent extension that works just like NoScript does except with cookies rather than scripts.

I wish there was something like that for Opera... I hate tracking/unnecessary cookies, and disabling them individually doesn't really work. :dry:

So Google Chrome is pretty useful after all. Once they get ABP for Chrome, I'm switching browsers. :D

This article seemed to spin it in a pro-Chrome way. I had heard that no one had even attempted to hack chrome at Pwn2Own, which makes the fact that it wasn't hacked rather moot. True, they patched a few security vulnerabilities in the weeks leading up to the competition which may have deterred some planned hacks but I'm not that confident that it's impossible to do.

As Chrome's share increases I think we'll see more hacks for it. I'd be hard pushed to move from Firefox, so many great addons that I couldn't possibly do without !!

Once they get ABP for Chrome, I'm switching browsers. :D

A suggestion: search for "SRWare Iron".

It also has a built-in ad blocker.

Actually Chrome is faster than firefox or ie.

Is it faster than Opera 10.50? :naughty:

Opera has too many useless features. I found Chrome; Lightweight, Fast and Secure. The Add-ons for Chrome are still in it's infant stages but I'm sure we'll see a Spam-fest within the next year.



Once they get ABP for Chrome, I'm switching browsers. :D

A suggestion: search for "SRWare Iron".

It also has a built-in ad blocker.

Chrome + AdBlock extension
https://chrome.google.com/extensions/detail/gighmmpiobklfepjocnamgkkbiglidom
:shifty:

Sorry If I seem to be bashing your posts anon, but I really like what Google's doing with Chrome.

Opera has too many useless features.

Don't use them :ermm: Although that can't be denied - it'd be nice if there was some kind of lite version without the Unite stuff, for example, which I have no use for. That may make the browser start up faster or use less RAM.


Chrome + AdBlock extension
https://chrome.google.com/extensions/detail/gighmmpiobklfepjocnamgkkbiglidom
:shifty:

Sorry If I seem to be bashing your posts anon, but I really like what Google's doing with Chrome.

No problem, I forgot about that addon :happy:

However, the main point of my post was suggesting Iron (a fork) over Chrome because of the removed tracking features.