Google Chrome hacked with sophisticated exploit
Summary: Security researchers from VUPEN have successfully hacked Google's Chrome browser with a sophisticated exploit that bypasses all security features, including ASLR/DEP and Chrome's heralded sandbox feature.
Security researchers from the French pen-testing firm VUPEN have successfully hacked Google's Chrome browser with what is being described as a sophisticated exploit that bypasses all security features including ASLR/DEP and Chrome's heralded sandbox feature.
VUPEN released a video of the exploit in action to demonstrate a drive-by download attack that successfully launches the calculator app without any user action.
"The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox (and without exploiting a Windows kernel vulnerability), it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64)," VUPEN wrote.
VUPEN, which sells vulnerability and exploit information to business and government customers, does not plan to provide technical details of the attack to anyone, including Google.
In the video, the company demonstrates the exploit in action against Google Chrome v11.0.696.65 on Microsoft Windows 7 SP1 (x64). The user is tricked into visiting a specially crafted web page hosting the exploit, which executes various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox, at Medium integrity level. On Windows, Chrome's sandboxed renderer processes run under a restricted token at Low integrity, while Medium is the level of an ordinary process started by the logged-in user; a payload running at Medium has therefore left the sandbox and runs with the user's normal privileges, although, as VUPEN notes, without any kernel exploit and so without elevation beyond the user's own account.
"While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any default installation of Chrome despite its sandbox, ASLR and DEP," VUPEN explained.
VUPEN made headlines in March this year when a team of its researchers hacked into Apple's MacBook via a Safari vulnerability to win the CanSecWest PWN2Own contest.

Talkback
So, the vulnerability only works on the Chrome version for Windows?
RE: Google Chrome hacked with sophisticated exploit
I'd like to see how they did it if it is a true exploit.
RE: Google Chrome hacked with sophisticated exploit
Ludicrous suggestion.
Stick to web addresses you know? Seriously. In other words, don't click on anything that will take you to a web address you have never been to before? Or perhaps, do some research on the specific web address you are being suggested to go to so you can verify it's legit? And don't forget to do that research through only websites you know are safe?
And for heaven's sake, don't stop there!!! As the other poster mentioned, you might reasonably think you're going to a familiar and trusted website, but you could ALWAYS be getting redirected through any number of means, so always keep a list of verified web addresses handy so you can instantly cross-check the web address popping up to be sure it's the real one and not a redirection to a phishing scam!
Is this suggestion for real? Nobody has the time or energy for that nonsense. The fact is that even completely legitimate websites can get compromised for periods of time by sophisticated hackers, so how in the world can such a suggestion even be taken seriously?
The sheer notion of not entering new and unproven websites would pretty much grind the expansion of the web to a halt. The bottom line is bruiser2's suggestion of "Stick to web addresses you know to be safe and stop clicking links and it will not effect you" is as plain ludicrous as it gets. You might as well say the proper way to avoid food poisoning is to never put anything in your mouth that you haven't already verified somehow as being safe to eat. And obviously for a plate of food, just like a website, the fact that you have had this before doesn't mean today's dish is safe any more than the website is safe just because it was before. I guess we all need "site testers" just like the kings of old had "food testers". A live-in sucker to take the hit first if something goes sideways.
It's just further proof in the absolute that no browser or OS is so safe it can't be exploited in an effective way by a determined hacker.
One thought to leave with those who in their heart of hearts believe otherwise. Do you really think that if the whole world suddenly went Linux for example that the hackers would fold their tents and have to get legitimate jobs? Do you think they would throw up their arms in disgust and say "you win, we give up!"
No sir. Necessity is the mother of invention and it would be every bit as true even if the whole world only used Linux. The hackers would find it necessary to invent anew and as such, if you don't understand that they would invent anew and would have some success then you simply fail to understand how the world works.
Either it's possible or it's impossible, and if it's possible someone will figure out how to do it and then teach others just the same. As humans we have spent many a millennium proving that to be a fact of life, so live with it.
RE: Google Chrome hacked with sophisticated exploit
Does your text-based curl detect DNS result poisoning? I did a proof of concept in a class lab demonstrating it is possible to poison the results of an ad to give the drive-by effect on a "known safe" page, simply because that page happened to have an ad in it.
RE: Google Chrome hacked with sophisticated exploit
The point is that a sandbox should protect the user against "compromised websites".
"Sticking on known addresses" means "no browsing at all".
Following your line we should reach security by turning off all computers, nailing shut our windows and doors, and eventually doing absolutely nothing. Don't breathe, the air could be polluted...
Chrome failed, and that's all.
RE: Google Chrome hacked with sophisticated exploit
What about the ad networks? How many of those do you know? Maybe two? Four at most? It's best to find a method to block content from suspected or known malware sites, and there are several reputable ones. One I use regularly is MVPS.org's HOSTS file (links are http://www.mvps.org/winhelp2002/hosts.htm and http://www.mvps.org/winhelp2002/hosts.zip).
And the HOSTS file itself can be used in almost all OSes, not just Windows.
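The comment above relies on a HOSTS-file blocklist, so here is a worked check of what such a list actually covers. This is an added example, not code from the ZDNet page or from the MVPS project; the hosts lines it parses are a constructed sample in the MVPS layout (a 0.0.0.0 sinkhole address, one hostname per line, `#` comments), and every hostname in it is a placeholder under the reserved `.test` TLD. It shows the caveat a practitioner should know: a hosts file matches the exact name only, so a listed ad host does not block a sibling or child host the ad network spins up next week, whereas a filtering resolver that matches on domain suffix does.

```python
"""Exact-match HOSTS-file blocking versus domain-suffix blocking.

Added example (not from the MVPS project or the ZDNet article). The sample
hosts text is constructed; the hostnames are placeholders, not real sites.
"""
import ipaddress
from urllib.parse import urlsplit

# Addresses commonly used to sinkhole a name in a blocklist-style hosts file.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1", "::"}

# Constructed sample in the MVPS HOSTS layout (hostnames are placeholders).
SAMPLE_HOSTS = """\
# constructed sample in MVPS HOSTS layout, not the real MVPS list
127.0.0.1  localhost
::1        localhost
0.0.0.0  ads.example-adnetwork.test        # ad server
0.0.0.0  tracker.example-analytics.test
0.0.0.0  cdn.malware-drop.test            # drive-by kit host (constructed)
0.0.0.0  www.malware-drop.test
"""


def parse_hosts(text):
    """Return the set of hostnames a hosts file sinkholes.

    A hosts line is '<address> <name> [<name> ...] [# comment]'. Only lines
    whose address is a sinkhole count as blocks; a real mapping such as
    '10.0.0.5 intranet' is a normal entry, not a block. Names are lower-cased
    because DNS names are case-insensitive, and 'localhost' is skipped because
    the loopback entry is a legitimate mapping.
    """
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # malformed address; the system resolver ignores it too
        if addr not in SINKHOLES:
            continue
        for name in names:
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked


def hosts_blocks(hostname, blocked):
    """HOSTS semantics: the resolver matches the exact name only."""
    return hostname.lower().rstrip(".") in blocked


def domain_blocks(hostname, blocked_domains):
    """Domain-filter semantics (what a filtering DNS resolver applies):
    a name is blocked if it equals a listed domain or is a subdomain of one."""
    labels = hostname.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocked_domains for i in range(len(labels)))


def classify_urls(urls, blocked):
    """For each URL a page pulls in, report whether the hosts file would
    sinkhole its host. Returns {url: bool}."""
    return {u: hosts_blocks(urlsplit(u).hostname or "", blocked) for u in urls}


def demo():
    """Run the constructed page resources against the constructed hosts file."""
    blocked = parse_hosts(SAMPLE_HOSTS)
    urls = [
        "http://ads.example-adnetwork.test/serve?id=1",
        "http://img.ads.example-adnetwork.test/banner.png",  # sibling host, unlisted
        "https://cdn.malware-drop.test/kit.js",
        "https://www.example-news.test/article",
    ]
    return classify_urls(urls, blocked)


if __name__ == "__main__":
    for url, hit in demo().items():
        print("BLOCKED" if hit else "allowed", url)
```

The second URL in `demo()` is the point of the example: `img.ads.example-adnetwork.test` is served by the same ad network as a listed host but is not itself listed, so the hosts file lets it through, while `domain_blocks()` with `example-adnetwork.test` on the list would stop it. Hosts-file lists therefore need frequent updates to stay useful against ad networks and drive-by kits that rotate hostnames.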
RE: Google Chrome hacked with sophisticated exploit
It pays to remember that Microsoft copied the BSD TCP/IP stack to get Windows into the TCP/IP world.
RE: Google Chrome hacked with sophisticated exploit
"actually Windows does have a hosts file..."
gud readin comprehenshun!
RE: Google Chrome hacked with sophisticated exploit
Also, to those saying "don't click on links you don't recognize", this is an argument for a service like OpenDNS or a web proxy service, that would screen potentially dangerous content/domains from the hapless user. Of course, they have to find out about it, first...
RE: Google Chrome hacked with sophisticated exploit
Interested in attention and its own profits only.
RE: Google Chrome hacked with sophisticated exploit
What's wrong with getting paid for your work?
RE: Google Chrome hacked with sophisticated exploit
Well...Ha!
Ya, I guess police, doctors, politicians, lawyers, ambulance drivers, teachers, nurses, and just about anyone else who provides a useful service are all bums because they are out to earn a living as opposed to providing their expertise for free.
Face it, these guys did some heavy lifting in the research department in looking for exploits and they found a slick one. Killing the messenger who wants to be paid for the news he is delivering is usually the backwards way of thinking in any society that would like to progress and improve.