Results of TippingPoint's CanSecWest hacking contest, Pwn2Own, once again demonstrated that building a perfectly secure Internet browser is very difficult. Even though Firefox and Apple rushed out dozens of last-minute security patches before the big contest, Firefox, Safari, and Internet Explorer 8 all quickly fell. A Safari bug even led to the first serious documented iPhone 3G exploit.
The only browser left standing was Google's Chrome. Many observers attributed this success to Chrome's aggressive security model (which is truly impressive in many ways). But that would ignore the fact that Chrome has had at least 18 documented vulnerabilities in the past three months alone -- nearly one-third of which would enable a malicious hacker to compromise a system or bypass access controls. Those 18 vulnerabilities in Chrome followed 16 others reported during the three prior months -- 60 percent of which could lead to system compromise or security control bypass.
The link for this article located at InfoWorld is no longer available.