The second breach came from longtime open source and Google contributor Sergey Glazunov and was shown off during Google's own Pwnium competition, where entrants can earn up to $60,000 in prize money (called bounties) for the exploits they use.
The third was, ironically, from a teen who previously applied to work for Google but, according to him (he goes only by his alias “Pinkie Pie”), never even received a reply from the Ad/Search giant. Pinkie Pie managed to pull off three 0-day exploits in order to win another $60,000 from Google. What makes his attempt different (besides opening up the Windows image viewer with a picture of Pinkie Pie) was that getting out of the Sand Box was not the most complicated part of the hack. In fact, Pinkie Pie said he found a simple way to do it.
The question now is: what is Google going to do to ensure that their Sand Box feature does not have more holes waiting to be exploited? After all, having three people find unique ways to exit the protected space of the browser and execute code on a target machine is not a good thing. We do fully expect them to deal with these three security holes, and in fact, according to Google, they have already patched the one submitted by Sergey Glazunov.
Of the two remaining bugs, the one submitted by Pinkie Pie is the most likely to be fixed soon, as Google will have to pay Vupen for their sand box escape. We have a feeling that Google might find its browser the target of more attacks soon, as the news of these three might make others dig deeper to find more in what would appear to be a rich environment.
Friday, 09 March 2012 20:36
Google Chrome's Sand Box Takes a Kicking at CanSecWest; Gets Hacked Three Times
Written by Sean Kalinich
Google’s previously unassailable Chrome web browser has now been hacked three times in only two days. The first two we have already told you about in a previous article. Vupen, a French research company, found a 0-day exploit that allowed them to jump out of Google’s Sand Box and then another that allowed them to execute arbitrary code on the OS that Chrome was installed on (in this case Windows). Vupen did this as part of the Pwn2Own competition held every year.