Pinkie Pie Earns $60K At Pwn2Own With Three Chromium 0-Day Exploits

Tackhead writes "Hot on the hooves of Sergey Glazunov's hack 5-minutes into Pwn2Own, an image of an axe-wielding pink pony was the mark of success for a hacker with the handle of Pinkie Pie. Pinkie Pie subtly tweaked Chromium's sandbox design by chaining together three zero-day vulnerabilities, thereby widening his appeal to $60K in prize money, another shot at a job opportunity at the Googleplex, and instantly making Google's $1M Pwnium contest about 20% cooler. (Let the record show that Slashdot was six years ahead of this particular curve, and that April Fool's Day is less than a month away.)"

WebKit

[93+Escort+Wagon]

It's interesting that the article implies the flaw is in WebKit rather than, say, JavaScript or Flash. So there'll need to be a similar patch made for Safari (which the article also briefly touches on).

Re:Pwn2Own rocks.

[Billly+Gates]

One downside is many are reporting on ZDNet, that the IE 9 exploit that was shown yesterday has new trojans already working for it.

Since it is a 0 day exploit it is undetectable by any anti virus scanner yet and all you need to do is search under Google Image and you are instantly infected without clicking on anything.

Google at least patched the last one in 24 hours, but I do not trust other browsers or users to patch that quick.