James Delahunty
7 Mar 2012 23:00
CORRECTED: Original article inaccurately stated that Chrome was the only browser that survived Pwn2Own 2011. Mozilla pointed out to us that Firefox had also remained secure at the Pwn2Own 2011 contest.
VUPEN defeats Chrome's sandbox.
The Google browser was first to fall victim at this year's Pwn2Own contest, despite not being hacked at the 2011 contest, along with Mozilla's Firefox browser.
VUPEN researchers used two zero-day flaws in its attack, which saw the Chrome browser defeated in less than five minutes. Chaouki Bekrar, head of research at VUPEN, said the pair of vulnerabilities got them complete control over a patched 64-bit Windows 7 machine.
"We had to use two vulnerabilities. The first one was to bypass DEP and ASLR on Windows and a second one to break out of the Chrome sandbox." Bekrar said.
He admitted that Chrome was the first to be targeted in order to send a message that no software is completely safe as long as there are people who are determined to find a way to exploit it. The exploit used by VUPEN was against the default installation of Google Chrome, which according to Bekrar, means that whether third party code was targeted or not is irrelevant.
VUPEN showed a video last year where it demonstrated successfully beating the Chrome sandbox, but Google responded quickly to claim that VUPEN actually exploited third party code (Flash) and not the browser itself.
Still, despite successfully hacking Chrome at Pwn2Own this year, Bekrar gave a nod to the security of the browser.
"The Chrome sandbox is the most secure sandbox out there. It?s not an easy task to create a full exploit to bypass all the protections in the sandbox. I can say that Chrome is one of the most secure browsers available."