Google Chrome has earned a reputation for having rock-solid security. While Internet Explorer, Safari and Firefox are regularly compromised during the annual Pwn2Own hacking convention, Chrome has always survived unscathed. In fact, Google tried to attract some heavy hitters this year with a record $20,000 bounty for escaping the browser's sandbox, and no one even bothered to try. Despite Chrome's impeccable track record, a French security firm reminds us today that no software is bulletproof.
Vupen Security reports that it has officially "pwned" Google Chrome's sandbox. In the video below (no sound), the company demonstrates a previously unknown vulnerability that can be used to bypass all of the security mechanisms present in the latest version of Chrome (11.0.695.65) when running on Windows 7 SP1 x64. In the clip, Vupen visits a specially crafted webpage whose malicious code sidesteps the sandbox, ASLR and DEP to remotely download and execute software at a medium integrity level.
Vupen considers the exploit to be one of the most sophisticated it's seen, not only because it bypasses the aforementioned security measures, but because it does so without the browser crashing. With the example shown, an attacker could essentially gain control of your system without you even knowing about it. Since the flaw is unknown and unpublished, there's no immediate threat, but Vupen is reportedly withholding the information from Google, so it's unclear when a fix will come.