

Researchers win $100,000 for Chrome hack that leaves Windows vulnerable - spacestronaut
http://news.cnet.com/8301-1009_3-57573064-83/researchers-win-$100000-for-chrome-hack-that-leaves-windows-vulnerable/

======
sirclueless
The comments are a little depressing. Everyone is saying "Oh god uninstall
Chrome" when they should be saying "Thank Google, they paid for this thing up
front instead of people getting hacked."

~~~
eksith
Agreed. I did get a kick out of this one : "uninstall yourself out of the
internet", which thus far has been the only guaranteed method of avoiding any
sort of exploit.

Normally this is the sort of privilege escalation we'd see from IE, but I do
wish operating systems, Windows in particular, had better sandboxing for
applications. Browser sandboxing alone obviously isn't gonna cut it.

------
randomfool
Title is a bit sensationalist and makes no mention of the two Win8/IE10
exploits found at the same event. Nor FF for that matter.

~~~
tterrace
How is the title sensationalist? It describes exactly what happened.

------
SquareWheel
I'm curious why they showed this at Pwn2Own and not Google's own Pwnium,
especially if they are going to share the exploit with Goog. Is there more
money to be made this way?

~~~
smtddr
I believe there's some conflict between Google and Pwn2Own.

<http://en.wikipedia.org/wiki/Pwn2Own#Controversy_with_Google>

~~~
randomfool
I believe that the rules were changed this year to require full disclosure.
Prize money was upped to commensurate.

Pwnium was ChromeOS only, while the sandbox escape portion of this attack was
Windows-only (possibly 32bit Windows only as well?)

