Vupen Security demonstrates sophisticated Google Chrome hack

By Matthew
May 10, 2011
Post New Reply
  1. Google Chrome has earned a reputation for having rock solid security. While Internet Explorer, Safari and Firefox are regularly compromised during the annual Pwn2Own hacking convention, Chrome has always survived…

    Read the whole story
  2. Lionvibez

    Lionvibez TS Evangelist Posts: 1,082   +331

    Firefox with Noscript FTW!!
  3. Win7Dev

    Win7Dev TS Evangelist Posts: 537   +152

    The video doesn't show a whole lot. FF4 is secure enough for me. All you have to do is compile it yourself and make sure script is disabled permanently *evil laugh*
  4. gwailo247

    gwailo247 TechSpot Chancellor Posts: 2,011   +18

    Yeah, the lack of NoScript is a dealbreaker for me. I don't trust any web site's promises, I only enable enough scripts to get the page working. White lists, trusted sites, etc, sorry, faith in those has been gone for quite a while.
  5. I could not agree with the above posters more. The lack of NoScript is THE dealbreaker for me. I know about NotScript, but it just doesn't cut it compared to NoScript. When Chrome gets NoScript and the tracker option, I will use Chrome, but until then it's FF4 all of the way.
  6. stewi0001

    stewi0001 TS Evangelist Posts: 1,142   +483

    Next they will make a video of them teleporting between all the google offices and saying that they have been pwned!
  7. Zecias

    Zecias TS Booster Posts: 202

    dunno why you guys are complaining about chrome's security; i've never had any probelms with it.
  8. insect

    insect TS Evangelist Posts: 315   +114

    Umm, you can open the calculator with a keyboard shortcut. This doesn't prove anything other than someone can do a little trickery. I think it's just to get their name out there with a viral video. If they were truly a security company they would disclose this to Google ASAP.

    Also... really?! First Chrome "hack" ever and all the FF fanboys come out in droves despite the once per week hacks of FF. Really? That insecure about your browser?
  9. captaincranky

    captaincranky TechSpot Addict Posts: 11,467   +1,760

    So then, I suppose you're not a Google fanboi? The first sign of anything is denying it, and a close second is accusing others of it. Please continuing using Chrome, with my blessing. That way, Google will have its corporate nose up your a**, instead of mine.

    And BTW, you don't have to hack Chrome, its got the spyware built in. Googleupdate.exe, Googleanalytics, don't you just feel all warm and fuzzy with Google watching over you all the time?
  10. lawfer

    lawfer TechSpot Paladin Posts: 1,270   +91

    Oh yes he loves the warmth and the fuzziness. And dear lord, couldn't his username be any more appropriate?
  11. Heck I could reproduce that video.

    Step 1: Install apache
    Step 2: Create html page that says "Chrome getting pwned"
    Step 3: Launch Chrome
    Step 4: Go to local html page
    Step 5: Press the calculator key on my keyboard

    That doesn't prove any exploit whatsoever. Show tits or gtfo.
  12. gwailo247

    gwailo247 TechSpot Chancellor Posts: 2,011   +18

    Actually I would really like to use Chrome as my primary, I prefer its aesthetics and functionality to FireFox. But it doesn't have NoScript, which is pretty much what all us "fanboys" said about it.

    These days you have to worry about what companies do legally on the web as much as you have to worry about criminals.
  13. Lurker101

    Lurker101 TS Evangelist Posts: 727   +230

    I'm calling bullshit on that video. There's nothing in that video that can't be reproduced without an exploit.
  14. slamscaper

    slamscaper TS Booster Posts: 159   +26

    Yep, using FF and NoScript is the most reliable way to browse safely. I can't say enough good things about this add-on. It saves me headaches. When I want to get even bolder with my browsing habits, I launch my VM and have at it like there's no tomorrow.
  15. insect

    insect TS Evangelist Posts: 315   +114

    I actually like IE9, FF, and Chrome. They all have the same basic functionality and features. But I'd rather have Google making me feel warm and fuzzy than a script-kiddie making me miserable. I was just pointing out the irony of the first four posts being about people saying how FF was somehow "better" cause Chrome got "hacked" once, which as others and I are pointing out appears to be BS.
  16. stewi0001

    stewi0001 TS Evangelist Posts: 1,142   +483

    sorry Guest but you failed to reproduce it because you need a mouse to slowly glide over the calculator buttons XD
  17. tonylukac

    tonylukac TS Evangelist Posts: 1,292   +55

    I dunno, but websites simply don't render without javascript. Don't you have to disable java anyway to be really safe, or does noscript do this?
  18. fpsgamerJR62

    fpsgamerJR62 TS Rookie Posts: 489

    One instance of an alleged successful exploit isn't enough for me to dump Chrome in favor of any of the other 4 browsers installed on my PC. Until such time that Vupen Security discloses to Google the full details of the exploit, the company cannot escape the suspicion that the video was no more than a publicity stunt.
  19. What is with all these people who make assumptions without knowing (a simple google search would have found the Chrome alternative).

    CHROME HAS NOSCRIPT! It is called NotScripts.
  20. LNCPapa

    LNCPapa TS Special Forces Posts: 4,202   +422

    Guest, please read the rest of the thread before making angry posts about the posts you've made it to.
  21. gwailo247

    gwailo247 TechSpot Chancellor Posts: 2,011   +18

    You don't really appear to understand how NoScript works. FireFox isn't better, NoScript is better. Since Chrome doesn't have NoScript, I use FireFox. You don't really seem to understand the concept of irony either.
  22. gwailo247 nailed it.

    Also, for those using Firefox and want additional privacy add-ons, I recommend Ghostery and Better Privacy. Honestly, I do prefer Chrome, I'm not a Firefox fanboy. I'm a little concerned however that Chrome is the only major browser who still hasn't implemented a "Do Not Track" header. Hell, even Safari & IE9 have it! Anyways, once NoScript (not NotScript) is ported to Chrome and they add a "Do Not Track" header, I'll use Chrome from here on out.

    --The same Guest who posted the 4th comment.
  23. insect

    insect TS Evangelist Posts: 315   +114

    Why get more add-ons to do the work Chrome already does for you? Run in a sandbox and who cares if a script tries something malicious. Just close the sandbox instance (i.e., tab).
  24. Any one else see how the one of the icons on the bottom right hand corner disappeared after the browser has been "pwnd"? Just seems kind of weird to me.
  25. Chazz

    Chazz TS Evangelist Posts: 668   +72

    I guess chrome has the "Apple effect" on it's users. This isn't the first exploit chrome has had and it won't be the last. Chrome has very good security but holes are being patched constantly, they just aren't vocal about it as other companies are.

    And if I recall correctly, Google Patched chrome the day of Pwn2Own which is the reason no one even attempted to hack it. I don't think the other browsers did that. Thats kind of cheating.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...