Slashdot Mirror
Revealed: Chrome Really Was Exploited At Pwnium 2013
Freshly Exhumed writes with an "inconvenient truth" as reported at Internet News: "Google Chrome running Chrome OS was hailed as being a survivor in the Pwnium/Pwn2own event that hacked IE, Firefox and Chrome browsers on Windows. Apple's Safari running on Mac OS X was not hacked and neither (apparently) was Chrome on Chrome OS. Google disclosed [Monday] morning that Chrome on Chrome OS had in fact been exploited — albeit, unreliably. The same researcher that took Google's money last year for exploiting Chrome, known publicly only as 'PinkiePie' was awarded $40,000 for exploiting Chrome/Chrome OS via a Linux kernel bug, config file error and a video parsing flaw." Asks Freshly Exhumed: "So, was it really Google Chrome, or was Linux to blame?"
it's a feature. Obligatory
That sucking sound you hear is my bandwidth.
But wait! The config file was really the kernel .config, and the error was setting CONFIG_ESCALATE_TO_ROOT_RANDOMLY=M.
PinkiePie should be given at least 41 months behind bars!! Down with all "Hackers". Put them all in Jail!!!! PFFFFTTTTTT!!!!!
Comment from a happy_place calling PinkiePie "kinda cute" is a bit amusing in itself, but not going to crack jokes on it here when what I find more interesting is the hint that there potentially is a hacker/cracker group out there called "My Little Pwnies". Will leave the humor and fact finding to those more interested and better suited for each of those categories.
All we need is the OCD freak who tests everything meticulously, the simple hard-worker who keeps at it, the rock-star coder obsessed with speed, the hacker who's all about style, and the shy introvert with a menagerie of botnets and they could summon the freaking elements of exploitation.