
Vupen Security demonstrates sophisticated Google Chrome hack

On May 10, 2011, 6:39 PM

Google Chrome has earned a reputation for having rock solid security. While Internet Explorer, Safari and Firefox are regularly compromised during the annual Pwn2Own hacking convention, Chrome has always survived unscathed. In fact, Google tried to attract some heavy hitters this year with a record $20,000 bounty for escaping the browser's sandbox -- no one even bothered to try. Despite Chrome's impeccable track record, a French security firm reminds us today that no software is bulletproof.

Vupen Security reports that it has officially "pwned" Google Chrome's sandbox. In the video below (no sound), the company demonstrates an unknown vulnerability that can be used to bypass all of the security mechanisms present in the latest version of Chrome (11.0.695.65) when running on Windows 7 SP1 x64. In the clip, Vupen visits a specially crafted webpage with malicious code that sidesteps the sandbox, ASLR and DEP to remotely download and execute software at a medium integrity level.

Vupen considers the exploit to be one of the most sophisticated it's seen, not only because it bypasses the aforementioned security measures, but because it does so without the browser crashing. With the example shown, an attacker could essentially gain control of your system without you even knowing about it. Since the flaw is unknown and unpublished, there's no immediate threat, but Vupen is reportedly withholding the information from Google, so it's unclear when a fix will come.


User Comments: 28

  1. LNCPapa: What is read?

  2. insect said:

    Why get more add-ons to do the work Chrome already does for you? Run in a sandbox and who cares if a script tries something malicious. Just close the sandbox instance (i.e., tab).

    Nevermind. Chrome on buddy.

  3. Guest said:

    What is with all these people who make assumptions without knowing (a simple google search would have found the Chrome alternative).

    CHROME HAS NOSCRIPT! It is called NotScripts.

    [link]

    Notscript is nothing compared to Noscript
