Security firm exploits Chrome zero-day to hack browser, escape sandbox.

sygeek

Technomancer
ComputerWorld - French security company Vupen said today that it's figured out how to hack Google's Chrome by sidestepping not only the browser's built-in "sandbox" but also Windows 7's integrated anti-exploit technologies.
"The exploit ... is one of the most sophisticated codes we have seen and created so far, as it bypasses all security features including ASLR/DEP/Sandbox," said Vupen in a blog post Monday. "It is silent (no crash after executing the payload), it relies on undisclosed ('zero-day') vulnerabilities and it works on all Windows systems."

Vupen posted a video demonstration of its exploit on YouTube.

According to Vupen, its exploit can be served from a malicious Web site. If a Chrome user surfed to such a site, the exploit executes "various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox at Medium integrity level."

Vupen used the Windows Calculator only as an example: In an actual attack, the "calc.exe" file would be replaced by a hacker-made payload.

Historically, Chrome has been the most difficult browser to hack, primarily because of its sandbox technology, which is designed to isolate Chrome from the rest of the machine to make it very difficult for a hacker to execute attack code on the PC.

For example, Chrome has escaped unscathed in the last three Pwn2Own hacking contests, an annual challenge hosted by the CanSecWest conference in Vancouver, British Columbia, and sponsored by HP TippingPoint's bug bounty program.

Visit the link for the full article.


UPDATE: Google Engineers Deny Hack Exploited Chrome.
"Several Google security engineers have countered claims that a French security company, Vupen, found a vulnerability in Chrome that could let attackers hijack Windows PCs running the company's browser. Instead, those engineers said the bug Vupen exploited to hack Chrome was in Adobe's Flash, which Google has bundled with the browser for over a year. Google's official position, however, has not changed since Vupen said it had sidestepped not only the browser's built-in 'sandbox' but also Windows 7's integrated anti-exploit technologies. But others who work for Google were certain that at least one of the flaws Vupen exploited was in Flash's code, not Chrome's. 'As usual, security journalists don't bother to fact check,' said Tavis Ormandy, a Google security engineer, in a tweet earlier Wednesday. 'Vupen misunderstood how sandboxing worked in Chrome, and only had a Flash bug.' Chris Evans, a Google security engineer and Chrome team lead, tweeted, 'It's a legit pwn, but if it requires Flash, it's not a Chrome pwn.'"
nisargshah95

Great! Now Vupen should get some bounty. Seriously, great work!!!
Hasn't Firefox got any near yet? Was Firefox hacked at Pwn2Own?

OP
sygeek

Technomancer
Great! Now Vupen should get some bounty.
$25K, man they are gonna be rich.
Hasn't Firefox got any near yet? Was Firefox hacked at Pwn2Own?
Firefox was exploited this year, but the exploit was withdrawn because of its instability, although Firefox was successfully exploited in the 2010 Pwn2Own contest. Chrome, however, has surprisingly escaped the last three Pwn2Own hacking contests because of its sandbox technology, which made it the most difficult browser to hack.

OP
sygeek

Technomancer
UPDATE: Google Engineers Deny Hack Exploited Chrome.