Hackers Subvert Google Chrome Sandbox

Published: 22/11/2024   Category: security


Vulnerability research firm Vupen said it has found a way to execute arbitrary code in the browser.



Slideshow: Google Chrome 10 Boosts Performance, Management
(click image for larger view and for slideshow)
On Monday, French vulnerability research firm Vupen said that it has discovered a way to circumvent the sandbox in the Google Chrome browser. The sandbox is designed to prevent attackers from executing arbitrary code via the browser.

According to Vupen, the exploit it created "bypasses all security features including ASLR/DEP/Sandbox (and without exploiting a Windows kernel vulnerability), it is silent (no crash after executing the payload), it relies on undisclosed (0-day) vulnerabilities discovered by Vupen, and it works on all Windows systems (32-bit and x64)." ASLR and DEP refer to two attack mitigation technologies: address space layout randomization (ASLR), for preventing attackers from easily locating local files to exploit, and data execution prevention (DEP), for preventing attackers from executing arbitrary code.

Vupen, however, didn't provide specific details of the attack. Rather, the company said that it's only releasing details of the proof-of-concept exploit to its government customers. "For security reasons, the exploit code and technical details of the underlying vulnerabilities will not be publicly disclosed. They are exclusively shared with our government customers as part of our vulnerability research services," it said.

For everyone else, Vupen uploaded a video demonstration of the attack to its website, which shows Chrome v11.0.696.65 being exploited when a user visits a Web page containing the exploit code. For the purposes of the demonstration, the exploit code downloads the Calculator application from a remote location, then launches it on the user's PC, outside the sandbox.

Asked for comment on the flaw itself, or the potential risk it poses to Chrome users, Google demurred. "We're unable to verify Vupen's claims at this time as we have not received any details from them," said a spokesperson for Google, via email. "Should any modifications become necessary, users will be automatically updated to the latest version of Chrome."

Google has a reputation for rapidly patching Chrome, helped in no small part, given the prevalence of Adobe Flash, Reader, and Acrobat bugs, by its having first dibs on Adobe patches.

Exploiting Chrome has evidently been on the Vupen researchers' minds. In March, they won a prize in the Pwn2Own hacking contest by compromising Apple Safari in five seconds, which earned them $15,000. But they could have sweetened the pot by $5,000 if they had hacked Google Chrome, which hadn't been cracked during three years' worth of Pwn2Own contests.

At least part of that could be due to Google running its own bug bounty program, which now pays anywhere from $500 to $3,133.70 for information on particularly egregious vulnerabilities in, or clever exploits of, its products. Vupen's decision not to submit the details of the bug it discovered leaves open the possibility that someone else might submit the information in return for the reward.

But Vupen's move also illustrates the market dynamics at work behind vulnerability research. Namely, a company such as Vupen builds its business by attracting subscribers to its software vulnerability information service, meaning that its revenue relates directly to the quality, timeliness, and, sometimes, exclusivity of its bug notices.
