So last week at Pwn2Own, Charlie Miller laid claim to a $5000 prize and a new Mac Powerbook by exploiting a bug in Safari. This is what he had to say about his exploit and another competitor who claimed some of the other prizes on other platforms:
“I was surprised. For IE 8, I’d give him a 9 out of 10. For Safari, maybe a 2. It’s just too easy to pop Safari. For Firefox on Windows, I give him a 10. That was the most impressive of the three. It’s really hard to exploit Firefox on Windows.”
And on Google’s new Chrome:
“There are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. They’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things — you can’t execute on the heap, the OS protections in Windows and the Sandbox.
I might have this bug and I might be able to get code execution. But now you’re in a sandbox and you have no permissions to do anything. You need another bug to get out of the sandbox. Now you need two bugs and two exploits. That raises the bar.”
So there you have it, IT Ninjas: Firefox or Chrome… Me? I prefer Chrome… it’s all shiny…
Follow me on Twitter @theorrminator