Google rushes out Chrome patch for sandbox exploit, other still lurks

March 9, 2012, 2:00 PM

Shortly after two security researchers publicly bested Chrome at Pwn2Own and Pwnium a couple of days ago, Google has rolled out a fix for one of the exploits. The second hack, however, remains both a mystery and at large.

At Google's own contest, Pwnium, a Russian university student named Sergey Glazunov defeated Chrome via a cross-site scripting exploit combined with "bad history navigation". His method let him escape Chrome's sandbox, the much-touted security feature that confines each renderer process so that code running in a compromised tab cannot reach the rest of the operating system.

For his efforts, Glazunov earned a cool $60,000.

Google subsequently prepared a patch within 24 hours of the demonstration. The fix has already been pushed out automatically in the latest Chrome update, 17.0.963.78; users need only restart Chrome to pick it up (chrome://version shows the build currently running).
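For anyone who has to confirm that a fleet of machines actually picked up the fixed build, here is an added example (not from the article or from Google) that compares reported Chrome versions against 17.0.963.78. The inventory is constructed sample data; the point it makes is that version strings must be compared component by component as integers, because a plain string comparison misjudges builds such as 17.0.1000.1.

```python
# Added example (not from the article): check whether a reported Chrome
# build is at or above the fixed build named in the story, 17.0.963.78.
# Version strings must be compared component by component as integers;
# plain string comparison gets "17.0.1000.1" < "17.0.963.78" wrong.
from typing import Dict, List, Tuple

FIXED_BUILD = "17.0.963.78"   # build the article says carries the Pwnium fix


def parse_version(v: str) -> Tuple[int, ...]:
    """'17.0.963.78' -> (17, 0, 963, 78); raises ValueError on garbage."""
    parts = v.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed version string: {v!r}")
    return tuple(int(p) for p in parts)


def is_patched(reported: str, fixed: str = FIXED_BUILD) -> bool:
    """True if the reported build is >= the fixed build (numeric, per component).

    Assumption: any numerically later build includes the fix.
    """
    return parse_version(reported) >= parse_version(fixed)


def string_compare_is_patched(reported: str, fixed: str = FIXED_BUILD) -> bool:
    """The naive (wrong) check, kept only to show where it fails."""
    return reported >= fixed


def unpatched_hosts(inventory: Dict[str, str]) -> List[str]:
    """Return hostnames whose reported Chrome build predates the fix."""
    return sorted(h for h, v in inventory.items() if not is_patched(v))


# Constructed sample inventory (hostname -> reported Chrome version); not real data.
SAMPLE_INVENTORY = {
    "ws-01": "17.0.963.78",   # exactly the fixed build
    "ws-02": "17.0.963.66",   # earlier stable build, still vulnerable
    "ws-03": "18.0.1025.11",  # constructed later build, treated as fixed
    "ws-04": "17.0.1000.1",   # constructed: string compare would misjudge this
}

if __name__ == "__main__":
    print("unpatched:", unpatched_hosts(SAMPLE_INVENTORY))
```

Feed it whatever your endpoint agent reports as the Chrome version; the naive string comparison is left in only to make the failure mode concrete.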

Despite Google's evident effort to keep Chrome iron-clad, at least one more serious sandbox flaw may remain.

For the first time at Pwn2Own, security researchers demonstrated a zero-day exploit that penetrated Chrome's defenses. The firm responsible, Vupen, bypassed Windows-level exploit mitigations such as DEP (data execution prevention) and ASLR (address space layout randomization), then exploited a vulnerability in the "default installation" of Chrome that also allowed it to escape Chrome's sandbox.

Unlike Pwnium, however, Pwn2Own does not require contestants to disclose details of sandbox vulnerabilities, the reasoning being that such an exploit is worth far more than the contest's $20,000 prize.

That optional non-disclosure was a point of contention for Google, and prompted it to create its own spin-off, Pwnium, where full disclosure is required but the prizes are larger.

As a result, Vupen declined to reveal the gory details of its hack. Some security experts speculate that the firm exploited a flaw in the Adobe Flash plug-in bundled with Chrome. If so, the fix may be Adobe's to write, although, since Chrome ships and updates its bundled Flash itself, users would still receive it through a Chrome update.

User Comments: 7

Burty117, TechSpot Chancellor, said:

Haha! To be fair though that means Google must hire some seriously good talent to have taken it this long to find a flaw in their browser. Very impressive indeed...

Guest said:

Those Vupen jerks should be prosecuted for selling hacks to the highest bidder.

Guest said:

If it is a problem with Adobe Flash, just remove support for it. Everything will be going to HTML5.

EEatGDL said:

Totally agree with burty117, the Google teams in general are quite impressive.

Guest said:

"Those Vupen jerks should be prosecuted for selling hacks to the highest bidder. "

I hope Google figures it out so they get nothing.

Guest said:

Google is finally learning what it is like to be a target.

Guest said:

This is a brand new dimension to the sandbox research which I was doing. Thank you, sir, for this post.
