Pwnium Hacking Contest Winners Exploited 16 Chrome Zero-days

May 23, 2012 By The Vigilant Application Owner

Computerworld – (International) Pwnium hacking contest winners exploited 16 Chrome zero-days. May 22, Google revealed the two researchers who cracked Chrome in March at the company’s inaugural “Pwnium” hacking contest used 16 zeroday vulnerabilities. The number of bugs each researcher used — 6 in one case, “roughly” 10 in the other — was dramatically more than the average attack. The Stuxnet worm of 2010, called “groundbreaking” by some analysts, used just four bugs, only three of them previously unknown “zero-day” vulnerabilities. Google detailed only the half dozen deployed by the researcher known as “Pinkie Pie” in a post to the Chromium blog May 22. Details of the 10 used by the other researcher will not be disclosed until they are patched in other programs they afflict, said two Chrome security engineers.