Google Chrome PWNED on Windows, exploit leaps over sandbox/ASLR/DEP - UPDATE

If you've been using Google Chrome and feeling smug that your browser is immune to being attacked, think again.

Here's an interesting hack attack on the browser that not only bypasses the Google Chrome sandbox, but also Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) on Windows.

All that is required is to trick a user into visiting a specially crafted web page hosting the exploit, and a number of payloads will be executed silently with no user interaction.

[UPDATE: VUPEN now says that this exploit does not rely on a Windows kernel exploit, so ASLR and DEP are secure.]

Here's a video that shows the sophisticated exploit in action (the video below shows Chrome on Windows 7 SP1 being PWNED):

Scary stuff, not just because it bypasses the Chrome sandbox, but because it walks through two Windows defense systems to do so.

It's obvious that there are a number of zero-day vulnerabilities at work here.

More details over on VUPEN.

[UPDATE: I have no more information on the exploit here than what's given. I'm assuming that multiple exploits are needed to get past the three layers of defense since it's hard to imagine a single zero-day bypassing the sandbox, ASLR and DEP (although I suppose it could happen).

I have approached Vupen with some questions and will keep you updated.]

[UPDATE 2: There's a fair bit of hyperventilation going on in the TalkBack sections about who or what is to blame here. Is it a Google issue? Is it Microsoft? There are also claims that I'm 'picking' on one multi-billion dollar corporation or another.

I know as much as you know here, which isn't very much. VUPEN say that this:

- Is a Google Chrome vulnerability
- Does not rely on a Windows kernel vulnerability
- Works on all Windows systems (including 32-bit and 64-bit)
- Relies on undisclosed zero-day vulnerabilities
- Bypasses the sandbox, ASLR and DEP

Given that VUPEN now clearly say that this doesn't rely on a Windows exploit, it's both safe and fair to say that this is a Google problem. And given that this exploit isn't in the wild, there's no need for a Chicken Little reaction.

This isn't about the merits of Windows vs. Mac vs. Linux, or who's to blame, or pledging allegiance to one multi-billion dollar corporation or another. It's about keeping end users safe.]

Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology, whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.
