After being cracked by a Russian student bypassing the sandbox within two minutes, the Chrome browser broke down again. This time it was a teenager hacker named PinkiePie, he had prepared more than a week before, combining three new vulnerabilities, use the latest version of Chrome stable to obtain full system privileges on a Dell flexibility laptop running Windows 7 with all security patches. PinkiePie won the second $60 thousand prize, of course, from Google.
Google employee said PinkiePie was a professional security researcher who did not sell the vulnerabilities to a third party. PinkiePie said that the simplest step in the entire attack process is to jump out of the Chrome sandbox after the initial attack. He found a way out of sandbox early on, but he refused to talk about specific technical details.
At present, the Pwnium prize pool is worth $0.88 million. In addition, it should be noted that a hacker has also cracked Chrome, but he seems to be using the Flash Vulnerability bound in Chrome, so he did not receive a bonus.
Update: The Chrome Stable branch is immediately upgraded to 17.0.963.79 to fix the Security Vulnerability Detected by PinkiePie.