Skip to content ↓ | Skip to navigation ↓

So last week at Pwn2Own, Charlie Miller laid claim to a $5000 prize and a new Mac Powerbook by exploiting a bug in Safari. This is what he had to say about his exploit and another competitor who claimed some of the other prizes on other platforms:

“I was surprised. For IE 8, I’d give him a 9 out of 10. For Safari, maybe a 2. It’s just too easy to pop Safari. For Firefox on Windows, I give him a 10. That was the most impressive of the three. It’s really hard to exploit Firefox on Windows.”

And on Googles new Chrome:

“There are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. The’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things — you can’t execute on the heap, the OS protections in Windows and the Sandbox.

I might have this bug and I might be able to get code execution. But now you’r ein a sandbox and you have no permissions to do anything. You need another bug to get out of the sandbox. Now you need two bugs and two exploits. That raises the bar.”

So there you have it IT Ninja’s Firefox or Chrome… Me? I prefer Chrome…its all shiny…

Follow me on twitter @theorrminator

Tripwire University
  • Ann

    I recently came across your blog and have been reading along. I thought I would leave my first comment. I don't know what to say except that I have enjoyed reading. Nice blog. I will keep visiting this blog very often.