James Delahunty
10 May 2011 23:11
VUPEN Security has announced the discovery of a vulnerability in Google's Chrome browser software.
Google Chrome has survived assaults at the Pwn2Own contest for the last three years. Now, French security firm VUPEN says it is unhappy to announced that it has officially "Pwned" Google Chrome and its protective Sandbox measures.
VUPEN uploaded a video of the browser exploit in action which bypasses all security features including ASLR/DEP/Sandbox, without exploiting a Windows kernel vulnerability. It works on all Windows systems and with the latest versions of the Chrome browser.
In the video, a web page is loaded displaying just a text message - "Your browser is being Pwned!" - and after a few seconds of inactivity (and without a visible crash in Chrome), the windows calculator application runs. According to the VUPEN write-up, the calculator executable is downloaded and executed.
At Pwn2Own in March this year, VUPEN successfully attacked Safari in much the same way. A specially crafted web page was loaded and several seconds later, the Mac OS X calculator application was launched and a file was written to the hard drive to demonstrate that the Sandbox had been compromised.
For obvious reasons, the write-up does not disclose technical information on the exploit, only to say that it is one of the most sophisticated codes they have used so far.