Hack Chrome, Win $20,000 79
CWmike writes "Google will pay $20,000 to the first to exploit its Chrome browser at this year's Pwn2Own hacking contest at CanSecWest in Vancouver, BC, on March 9. At this year's Pwn2Own, researchers will pit exploits against machines running Windows 7 or Mac OS X as they try to bring down Microsoft's IE, Mozilla's Firefox, Apple's Safari and Chrome. The first researchers to hack IE, Firefox and Safari will receive $15,000 and the machine running the browser. The prizes are $5,000 more than those given for exploiting browsers at the last Pwn2Own contest, and three times more than the 2009 awards. 'We've upped the ante this time around and the total cash pool allotted for prizes has risen to a whopping $125,000,' said Aaron Portnoy, the manager of the sponsor, HP TippingPoint's security research team, which set the contest's rules Wednesday in a blog post written by Portnoy."
Re:Chrome stands tall (Score:2, Informative)
Yeah, people sometimes forget about this when talking about sandboxes. The sandbox might prevent malware from escaping to the OS or to another tab process, but it WON'T prevent it from masquerading as the tab session, and snooping on whatever you're doing in that tab. Even if things like form input/submission were moved to the broker, the malware could just rewrite the DOM, since parsing is typically done with least permissions. It's just a short-lived malware infection, existing only in memory.