Soldato
- Joined
- 18 May 2010
- Posts
- 23,648
- Location
- London
Pwn2Own 2017 - Chrome unhackable whilst Firefox too easy.
- Thread starter opethdisciple
- Start date
- Joined
- 18 May 2010
- Posts
- 23,648
- Location
- London
It's not 'unhackable'. Nothing is 'unhackable'. But of the browsers tested the hacking teams wanting to earn the most money choose not to target Chrome as much as the others in order to maximize their profits.
Most likely because to target chrome would be not to make as much money as targeting other browsers as it would take up more of their time as it's more secure.
Article.
I think the fact that money is involved really incentives people to hack some thing. If there was money to be made out of hacking Chrome, these guys would have been right on it.
Most likely because to target chrome would be not to make as much money as targeting other browsers as it would take up more of their time as it's more secure.
Article.
I think the fact that money is involved really incentives people to hack some thing. If there was money to be made out of hacking Chrome, these guys would have been right on it.
- Joined
- 18 May 2010
- Posts
- 23,648
- Location
- London
That's the point tho in the bug bounty program. It means Google are encouraging people to ethically hack the browser then tell Google so they can patch it. At least they are ethical hackers rather than black hat hackers looking to exploit the vulnerabilities in the browser.
Which is why it seems to be more secure because a lot of the vulnerabilities which we know about TODAY are already covered.
Although Firefox is open source (so is Chrome to an extent as it's based on Chromium) it doesn't seem to have this level of exposure amongst the ethical hacking community simply because there isn't enough money being made available.
It's about incentives.
On top of that Chrome has architectural advantages over Firefox, due to it's multi threaded sand boxed nature.
---
No software is secure ever. Tomorrow someone might make a huge discovery that we simply didn't understand yesterday and it makes Chrome look like it has more holes than Swiss cheese. But this is why there is this bug bounty program. There is a monetary incentive for people to hack the browser, making it penetration and battle tested.
Which is why it seems to be more secure because a lot of the vulnerabilities which we know about TODAY are already covered.
Although Firefox is open source (so is Chrome to an extent as it's based on Chromium) it doesn't seem to have this level of exposure amongst the ethical hacking community simply because there isn't enough money being made available.
It's about incentives.
On top of that Chrome has architectural advantages over Firefox, due to it's multi threaded sand boxed nature.
---
No software is secure ever. Tomorrow someone might make a huge discovery that we simply didn't understand yesterday and it makes Chrome look like it has more holes than Swiss cheese. But this is why there is this bug bounty program. There is a monetary incentive for people to hack the browser, making it penetration and battle tested.