Google’s “unbreakable” Chrome browser – the world’ second most-popular – was hacked in five minutes at a hacking conference in Vancouver by French security researchers.
Another researcher then showed off a second hack that could take over a Windows machine using an infected website – and earned a $60,000 “bounty” from Google for the hack.
Previously, Google’s Chrome has been considered almost “unhackable”.
Google paid out $60,000 for the second hack from its “prize pot” of $1 million for hackers who show off techniques for attacking its browser.
Google has since issued a patch for the browser which protects against the “exploit” used in the attacks.
The first hack, at Google’s own Pwnium hacking contest in Canada was by a French security firm, Vupen.
Vupen also demonstrated hacks that could break into Internet Explorer and Firefox – but these browsers are considered “easy meat” next to Google’s Chrome, which uses a technique known as “sandboxing” which separates it from the rest of the machine.
“We wanted to show that Chrome was not unbreakable,” Vupen’s head of research Chaouki Bekrar told ZDNet.
“Last year, we saw a lot of headlines that no one could hack Chrome. We wanted to make sure it was the first to fall this year.”
Companies such as Google now offer bounties for hackers who can down their browsers – which allows them to protect users against likely hacks.
“We have a big learning opportunity when we receive full end-to-end exploits,” Google said.
“Not only can we fix the bugs, but by studying the vulnerability we can enhance our mitigations, automated testing, and sandboxing. This enables us to better protect our users.”
Google also paid out $60,000 to a Russian researcher who demonstrated a hack that could run unauthorized programmes on a PC – simply from anyone visiting a website.
Google has a “prize pot” of $1 million dollars to be paid out for hi-tech hacks. .
Sophos’s Graham Cluley said: “Sergey Glazunov uncovered a remote code execution vulnerability in Chrome, that could be used by malicious hackers and cybercriminals to install and run code on innocent users’ computers, just by them visiting a website.”
“Glazunov, who is no stranger to reporting bugs in Chrome, won his substantial reward as part of the Pwnium competition run by Google at the CanSecWest conference in downtown Vancouver.”
Google’s fast, simple Chrome browser will move ahead of Microsoft’s Internet Explorer by the end of this year if current trends continue, according to research from research firm StatCounter.
Over the past year, Internet Explorer fell from 46% of the worldwide market to 38.5%.
In the same period, Google Chrome rose from 15.68% to 27.27%, overtaking rival Firefox in the process.
One version of Chrome – Chrome 15 – is already the world’s most popular browser, according to research released by Statcounter on December 15.
But taken together, all versions of Internet Explorer are still ahead of Google’s sleek Chrome browser.
The open-source browser Firefox was widely expected to take Internet Explorer’s crown, but recent versions have been bloated and slow.
Over the course of 2011, Firefox’s market share has dipped from 30.68 to 25.27%.
The browser climbed slightly in December, but the overall trend is definitely downwards.
The Irish research firm’s Global Stats report shows Chrome’s share of the worldwide market is up from 4.66% in November 2009.
StatCounter CEO Aodhan Cullen said after Chrome overtook Firefox: “We can look forward to a fascinating battle between Microsoft and Google as the pace of growth of Chrome suggests that it will become a real rival to Internet Explorer globally.”
Aodhan Cullen noted that his company measures usage, not just downloads of the browser, which he said in a blog post “show(s) that people are actually using it to access the web”.
StatCounter Global Stats are based on aggregate data collected on a sample exceeding 15 billion page views per month (4 billion from the US) from the StatCounter network of more than three million websites.
The Chrome browser has swiftly picked up users since Google officially released it to the public in December 2008 – much later than its rivals Firefox (2004), Apple’s Safari (2003) and Internet Explorer (1995) were released.