Hackers at the recent CanSecWest security conference in Vancouver, B.C., were challenged to exploit holes in an array of popular browsers. The most popular target — or “low-hanging fruit,” as programmer Garett Rogers told TechRepublic.com — was Safari on the Mac.
One presumed hacker named Charlie Miller is reported to have said: “It’s clear all three browsers — Safari, IE and Firefox — have bugs. Code execution holes are everywhere… But there’s almost no hurdles to jump through on Mac OS X.”
If that’s the case, Google’s Chrome browser was the “high-hanging” fruit.
“I might have this bug and I might be able to get code execution,” Miller said. “But you’re in a sandbox and you have no permissions to do anything. You need another bug to get out of the sandbox. Now you need two bugs and two exploits. That raises the bar.”
That’s a great explanation, if you understand hacker-ese. The real evidence, however, was that no hacker at the conference — even given the challenge — even attempted to exploit the Google browser.