Google Chrome PWNED on Windows, exploit leaps over sandbox/ASLR/DEP - UPDATE
Summary: If you've been using Google Chrome and feeling smug that your browser is immune to being attacked, think again.
Here's an interesting hack attack on the browser that not only bypasses the Google Chrome sandbox, but also Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) on Windows.
All that is required is to trick a user into visiting a specially crafted web page hosting the exploit; a number of payloads will then be executed silently with no user interaction.
[UPDATE: VUPEN now says that this exploit does not rely on a Windows kernel vulnerability, so the ASLR and DEP bypass is not a flaw in those Windows mitigations themselves; they are sidestepped by way of the Chrome vulnerabilities.]
Here's a video of the sophisticated exploit in action, showing Chrome on Windows 7 SP1 being PWNED:
Scary stuff, not just because it bypasses the Chrome sandbox, but because it walks through two Windows defense systems to do so.
It's obvious that there are a number of zero-day vulnerabilities at work here.
More details over on VUPEN.
[UPDATE: I have no more information on the exploit here than what's given. I'm assuming that multiple exploits are needed to get past the three layers of defense since it's hard to imagine a single zero-day bypassing the sandbox, ASLR and DEP (although I suppose it could happen).
I have approached Vupen with some questions and will keep you updated.]
[UPDATE 2: There's a fair bit of hyperventilation going on in the TalkBack sections about who or what is to blame here. Is it a Google issue? Is it Microsoft? There are also claims that I'm 'picking' on one multi-billion dollar corporation or another.
Sheesh.
I know as much as you know here, which isn't very much. VUPEN say that this:
- Is a Google Chrome vulnerability
- Does not rely on a Windows kernel vulnerability
- Works on all Windows systems (including 32-bit and 64-bit)
- Relies on undisclosed zero-day vulnerabilities
- Bypasses the sandbox, ASLR and DEP
Given that VUPEN now clearly say that this doesn't rely on a Windows exploit, it's both safe and fair to say that this is a Google problem. And given that this exploit isn't in the wild, there's no need for a Chicken Little reaction.
This isn't about the merits of Windows vs. Mac vs. Linux, or who's to blame, or pledging allegiance to one multi-billion dollar corporation or another. It's about keeping end users safe.]
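As a practical check on the point above (this is an added example, not code from the original post, from VUPEN or from Google): whether a Windows binary asks for ASLR and DEP is recorded in its PE header, in the optional header's DllCharacteristics field (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE for ASLR, IMAGE_DLLCHARACTERISTICS_NX_COMPAT for DEP). The parser below reads those flags and also checks the COFF IMAGE_FILE_RELOCS_STRIPPED flag and the base-relocation directory, because an image flagged for ASLR that carries no relocation data cannot actually be moved by the loader. The sample headers it builds are constructed for the demonstration and are not loadable executables; the function names and the sample values are assumptions for illustration.

```python
import struct

# Flag values from the PE/COFF specification (winnt.h names).
IMAGE_FILE_RELOCS_STRIPPED = 0x0001              # COFF Characteristics: no .reloc data, image cannot be rebased
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # DllCharacteristics: image opts in to ASLR
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100      # DllCharacteristics: image opts in to DEP
IMAGE_DIRECTORY_ENTRY_BASERELOC = 5              # data directory slot for the base relocation table
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def mitigation_report(pe: bytes) -> dict:
    """Parse the DOS, COFF and optional headers of a PE image and report whether it
    opts in to ASLR and DEP, and whether that opt-in can actually take effect."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")

    # COFF file header (20 bytes): Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    coff = e_lfanew + 4
    _machine, _nsect, _ts, _symtab, _nsym, _opt_size, characteristics = struct.unpack_from("<HHIIIHH", pe, coff)

    # Optional header: DllCharacteristics is at offset 70 for both PE32 and PE32+; the data
    # directories start at 96 (PE32) or 112 (PE32+), preceded by NumberOfRvaAndSizes.
    opt = coff + 20
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == PE32_MAGIC:
        bits, dirs_off = 32, 96
    elif magic == PE32PLUS_MAGIC:
        bits, dirs_off = 64, 112
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    dll_chars = struct.unpack_from("<H", pe, opt + 70)[0]
    n_dirs = struct.unpack_from("<I", pe, opt + dirs_off - 4)[0]
    reloc_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_BASERELOC:
        _rva, reloc_size = struct.unpack_from("<II", pe, opt + dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC)

    wants_aslr = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    can_rebase = not (characteristics & IMAGE_FILE_RELOCS_STRIPPED) and reloc_size > 0
    wants_dep = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT)
    return {
        "bits": bits,
        "dynamic_base": wants_aslr,
        "aslr_effective": wants_aslr and can_rebase,  # the flag alone is useless without relocations
        "nx_compat": wants_dep,
        "dep_effective": bits == 64 or wants_dep,     # 64-bit processes always get DEP; 32-bit must opt in under OptIn policy
    }


def build_sample(magic: int, dll_chars: int, coff_chars: int = 0, reloc_size: int = 0) -> bytes:
    """Constructed minimal PE headers (no sections, not loadable), used only to exercise the parser."""
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", 0x40)           # e_lfanew = 0x40
    opt_len, dirs_off = (224, 96) if magic == PE32_MAGIC else (240, 112)
    opt = bytearray(opt_len)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, dirs_off - 4, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, dirs_off + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC,
                     0x1000 if reloc_size else 0, reloc_size)         # .reloc RVA and size
    coff = struct.pack("<HHIIIHH", 0x14C if magic == PE32_MAGIC else 0x8664, 0, 0, 0, 0, opt_len, coff_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    samples = {
        "32-bit, ASLR+DEP opted in, has relocations":
            build_sample(PE32_MAGIC, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT, reloc_size=0x200),
        "32-bit, ASLR flag set but relocations stripped":
            build_sample(PE32_MAGIC, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_NX_COMPAT,
                         coff_chars=IMAGE_FILE_RELOCS_STRIPPED),
        "64-bit, no opt-in flags at all":
            build_sample(PE32PLUS_MAGIC, 0),
    }
    for label, image in samples.items():
        print(f"{label}: {mitigation_report(image)}")
    # For a real binary: mitigation_report(open(path_to_exe_or_dll, "rb").read())
```

The header flags say what the image asks for, not what the running process got: the effective DEP policy also depends on the system setting (native 64-bit processes always run with DEP, 32-bit ones must opt in under the default OptIn policy), and ASLR only applies when the OS honours the flag and can rebase the image, so pair this with a runtime view such as the DEP and ASLR columns in Process Explorer.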

Talkback
A fortress is only as strong as its foundation.
Except...
The odds of *3* separate (and difficult-to-defeat) mitigation defenses from two different vendors being penetrated simultaneously are pretty rare.
And yes, it matters a great deal how secure the browser is because usually the browser is in front of the OS...
Exactly, people were depending on Chrome to keep them safe on Windows.
RE: Google Chrome PWNED on Windows 7, exploit leaps over sandbox/ASLR/DEP
Logic fail much?
The takeaway is that Chrome is not nearly as secure as people have given it credit for.
A better analogy is a shield that can't withstand a sword blow, when that sword is a celery stick.
Well, no excuses for Chrome, but, no excuses for Windows 7 either.
You're a poor imitation Donnie.
Based on your comment you should never comment on security again because you have no clue about it.
Your comment is like saying it doesn't matter how secure the bank vault doors are if the shelves inside the vault are insecure. The browser is the gateway for the attack and because of its usage of Windows features like ASLR and DEP it got into that part of the OS.
No software or operating system will ever be secure. This is just another case of Chrome increasing in usage and popularity and it becoming a tempting target for attackers.
Also keep in mind that this is designed to trick a user into visiting the page. This is very common tactic of attacks today.
More like Chrome had the entrance to the bank covered, and Windows 7 was
Actually, a more fitting analogy would be the browser being the vault door, and the floor of the vault being the OS. I have to agree with him - if the OS isn't secure, it doesn't matter how secure the browser is. Using the bank example, if the floor of the vault is made out of wood, even the strongest steel vault door isn't going to keep thieves out.
I see what you are saying, but the question is: does Google Chrome access those parts of Windows for legitimate reasons, and once Chrome got exploited, did it automatically have access to parts of Windows because of it?
The reason I say that is because similar attacks happen through other third-party software for Windows and other operating systems too, such as Java, Flash, Acrobat Reader. Once these programs are installed they gain access to parts of the operating system to function because they are legit apps. If those apps get exploited they can use that access to exploit the OS.
It doesn't change the fact that ASLR and DEP are good security measures on their own right.
Hmm, no I got one! Okay, Chrome is a vault door, right? Okay, so Microsoft is the contractor they outsourced to for the keypad lock, and they put in a keypad that verbally tells passersby the code.
I call BS here
How does making excuses for Google and Chrome make it any more secure.
(here's a hint - it doesn't!!)
ASLR/DEP not necessarily involved