Google Chrome hacked with sophisticated exploit

Summary:Security researchers from VUPEN have successfully hacked Google's Chrome browser with a sophisticated exploit that bypasses all security features, including ASLR/DEP and Chrome's heralded sandbox feature.

Security researchers from the French pen-testing firm VUPEN have successfully hacked Google's Chrome browser with what is being described as a sophisticated exploit that bypasses all security features including ASLR/DEP and Chrome's heralded sandbox feature.

VUPEN released a video of the exploit in action to demonstrate a drive-by download attack that successfully launches the calculator app without any user action.

The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox (and without exploiting a Windows kernel vulnerability), it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64).

VUPEN, which sells vulnerability and exploit information to business and government customers, does not plan to provide technical details of the attack to anyone, including Google.

In the video (see below), the company demonstrates the exploit in action with Google Chrome v11.0.696.65 on Microsoft Windows 7 SP1 (x64). The user is tricked into visiting a specially crafted web page hosting the exploit which executes various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox (at Medium integrity level).

While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any default installation of Chrome despite its sandbox, ASLR and DEP, VUPEN explained.

VUPEN made headlines in March this year when a team of its researchers hacked into Apple's MacBook via a Safari vulnerability to win the CanSecWest PWN2Own contest.

Topics: CXO, Browser, Google, Operating Systems, Security, Software, Windows

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.