Chrome hacked...

settingsuns · 12. May 2011, 03:11 AM

By these guys called VUPEN.

http://www.zdnet.com/blog/security/g...d-exploit/8626

I hope it had nothing to do with this pair

https://chrome.google.com/webstore/d...kajceokkdgipbm

MidnightCowboy · 12. May 2011, 08:25 AM

I'm not saying this isn't the case because unless and until Vupen decide to share details we've not likely to know. We have however seen this before from Vupen who's main intent seems to promote themselves for financial gain.

This maybe helps to balance it out a bit.

http://www.computerworld.com/s/artic...browser_s_code

eyeb · 12. May 2011, 08:52 AM

hm, i don't really buy the it's a flash thing and not a chrome pwn... The entire reason is that chrome choose to include flash in it's browser. Unlike firefox/etc which doesn't come bundled with flash, chrome does and as such the flash exploit is a chrome exploit to me.

It's like saying windows has no exploits, it only has internet explorer exploits... and when it by passes IE, then say it's a UAC exploit, then so and and so furth. Because the exploits didn't "happen" to the windows base code, saying it wasn't a windows exploit is misdirection/plain out lying.

Though I do feel chrome is safe though, because we all know nothing can be 100% safe 100% of the time, look at sony right now, they did what everyone else in the industry did for security but they got pwned.

settingsuns · 12. May 2011, 06:07 PM

Just an update.

http://www.informationweek.com/news/...acks/229500086

settingsuns · 12. May 2011, 07:35 PM

[QUOTE=MidnightCowboy;52226]I'm not saying this isn't the case because unless and until Vupen decide to share details we've not likely to know. We have however seen this before from Vupen who's main intent seems to promote themselves for financial gain.

Hi MC. It sure does seem a mixed up muddle of a security world at present. Google offer financial reward, to have Chrome hacked.

http://blog.internetnews.com/skerner...hacks-rew.html

VUPEN seem to have stepped up, and achieved what Google baited others to do. Then, the antsy bickering starts. This probably could not of come at a worse time for Google, with the much publicised lauch of $20 rented laptops.

http://money.msn.com/top-stocks/post...7-6823f92a4968

As eyeB comments, Sony are in problems also.

http://news.cnet.com/8301-1009_3-20060661-83.html

The words stable door, horse, and bolted, come to mind here. Perhaps, Sony would have been better off employing VUPEN to exploit their security, and save a lot of people from id theft, rather than financial reward after the damage is done. What a mess.

Anupam · 12. May 2011, 08:10 PM

I have moved this thread to this forum again(where it was posted in first place), because the links are getting really out of topic.

12. May 2011, 03:11 AM	#1 (permalink)
settingsuns Full Member Join Date: Jan 2010 Posts: 57	Chrome hacked... By these guys called VUPEN. http://www.zdnet.com/blog/security/g...d-exploit/8626 I hope it had nothing to do with this pair https://chrome.google.com/webstore/d...kajceokkdgipbm

12. May 2011, 08:25 AM	#2 (permalink)
MidnightCowboy Site Manager Join Date: Aug 2008 Location: South American Banana Republic, third bunch from the left Posts: 9,250	I'm not saying this isn't the case because unless and until Vupen decide to share details we've not likely to know. We have however seen this before from Vupen who's main intent seems to promote themselves for financial gain. This maybe helps to balance it out a bit. http://www.computerworld.com/s/artic...browser_s_code __________________ Knows nothing and cares even less

12. May 2011, 06:07 PM	#4 (permalink)
settingsuns Full Member Join Date: Jan 2010 Posts: 57	Just an update. http://www.informationweek.com/news/...acks/229500086 Last edited by Anupam; 12. May 2011 at 08:10 PM. Reason: VUPEN link removed. Unnecessary.

12. May 2011, 08:10 PM	#6 (permalink)
Anupam Moderator Join Date: Jul 2008 Location: India Posts: 9,484	I have moved this thread to this forum again(where it was posted in first place), because the links are getting really out of topic. __________________ Anupam

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

12. May 2011, 08:52 AM	#3 (permalink)
eyeb Senior Member Join Date: Sep 2010 Location: Planet X Posts: 487	hm, i don't really buy the it's a flash thing and not a chrome pwn... The entire reason is that chrome choose to include flash in it's browser. Unlike firefox/etc which doesn't come bundled with flash, chrome does and as such the flash exploit is a chrome exploit to me. It's like saying windows has no exploits, it only has internet explorer exploits... and when it by passes IE, then say it's a UAC exploit, then so and and so furth. Because the exploits didn't "happen" to the windows base code, saying it wasn't a windows exploit is misdirection/plain out lying. Though I do feel chrome is safe though, because we all know nothing can be 100% safe 100% of the time, look at sony right now, they did what everyone else in the industry did for security but they got pwned.

12. May 2011, 07:35 PM	#5 (permalink)
settingsuns Full Member Join Date: Jan 2010 Posts: 57	[QUOTE=MidnightCowboy;52226]I'm not saying this isn't the case because unless and until Vupen decide to share details we've not likely to know. We have however seen this before from Vupen who's main intent seems to promote themselves for financial gain. Hi MC. It sure does seem a mixed up muddle of a security world at present. Google offer financial reward, to have Chrome hacked. http://blog.internetnews.com/skerner...hacks-rew.html VUPEN seem to have stepped up, and achieved what Google baited others to do. Then, the antsy bickering starts. This probably could not of come at a worse time for Google, with the much publicised lauch of $20 rented laptops. http://money.msn.com/top-stocks/post...7-6823f92a4968 As eyeB comments, Sony are in problems also. http://news.cnet.com/8301-1009_3-20060661-83.html The words stable door, horse, and bolted, come to mind here. Perhaps, Sony would have been better off employing VUPEN to exploit their security, and save a lot of people from id theft, rather than financial reward after the damage is done. What a mess.