computerworld – google’s chrome will likely survive the first day at next month’s pwn2own hacking challenge, but may fall the next when the rules change, the contest organizer predicted today.
the other three target browsers — apple’s safari,  microsoft’s internet explorer and mozilla’s firefox — will almost certainly tumble at pwn2own again this year, said aaron portnoy, the manager of hp tippingpoint’s security research team. but chrome is the wild card.
“‘i’m fairly certain that most, if not all, of the browsers will bei compromised,” portnoy said. “I suspect that ie, firefox and safari will all be hacked, but chrome won’t, not on the first day.”
tippingpoint is the sponsor of the fifth annual pwn2own contest, which runs march 9-11 at cansecwest, a vancouver, british columbia, security conference.

chrome will last longer than the other browsers — or maybe make it out of pwn2own unscathed for the third year running — because it’s the only one of the four that relies on a “sandbox.” a sandbox isolates system processes, theoretically preventing malware from escaping an application — like chrome — to infect the computer.

to exploit a sandboxed program like chrome — another is adobe reader x — hackers need not just one vulnerability but a pair: the first to escape the sandbox and a second to exploit the application itself.

“the sandbox in chrome is the big hurdle,” said peter vreugdenhil, a tippingpoint researcher and past winner of pwn2own. vreugdenhil will be one of the contest judges this year.

for the full article: