X

French researchers demo attack on Chrome

Security experts say they were able to bypass several security measures in Chrome running on Windows.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
See full bio
Elinor Mills
2 min read
 
Vupen posted a video of the demo of what they say is an exploit against Chrome.
Vupen posted a video of the demo of its exploit against Chrome. Vupen Security

French security firm Vupen said today its team has figured out a way to bypass security measures in Chrome and offers a video demo it says is a successful attack against the browser running on a Windows machine.

"We are (un)happy to announce that we have officially Pwnd Google Chrome and its sandbox," the Vupen Security blog said. "The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR [Address Space Layout Randomization]/DEP [Data Execution Prevention]/Sandbox, it is silent [no crash after executing the payload], it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64)."

In the video, someone using Chrome v11.0.696.65 on Windows 7 Service Pack 1 (x64) is tricked into visiting a malicious Web page hosting the exploit. Once the machine is compromised, the exploit code downloads a Calculator program from a remote location and launches it outside the sandbox at "medium" integrity level, according to Vupen.

"While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any installation of Chrome despite its sandbox, ASLR and DEP," the post said.

Vupen, which did not respond to an e-mail seeking comment today, said it would not publicly disclose the exploit code or technical details of the vulnerabilities but will share them with its government customers as part of its vulnerability research services.

Asked for comment, a Google spokesman said: "We're unable to verify VUPEN's claims at this time as we have not received any details from them. Should any modifications become necessary, users will be automatically updated to the latest version of Chrome."

Chrome's sandbox technology is designed to isolate code from other parts of the computer so that if malicious code does get in, its damage is limited. Adobe has added sandbox technology to Reader.