If you've been using Google Chrome and feeling smug that your browser is immune to being attacked, think again.
All that is required is to trick a user into visiting a specially crafted web page hosting the exploit, and a number of payloads will be executed silently with no user interaction.
[UPDATE: VUPEN now says that this exploit does not rely on a Windows kernel exploit, so ASLR and DEP are secure.]
Here's a video that shows the sophisticated exploit in action (the video below shows Chrome on Windows 7 SP1 being PWNED):
Scary stuff, not just because it bypasses the Chrome sandbox, but because it walks through two Windows defense systems to do so.
It's obvious that there are a number of zero-day vulnerabilities at work here.
More details over on VUPEN.
[UPDATE: I have no more information on the exploit here than what's given. I'm assuming that multiple exploits are needed to get past the three layers of defense since it's hard to imagine a single zero-day bypassing the sandbox, ASLR and DEP (although I suppose it could happen).
I have approached Vupen with some questions and will keep you updated.]
[UPDATE 2: There's a fair bit of hyperventilation going on in the TalkBack sections about who or what is to blame here. Is it a Google issue? Is it Microsoft? There are also claims that I'm 'picking' on one multi-billion dollar corporation or another.
I know as much as you know here, which isn't very much. VUPEN say that this:
- Is a Google Chrome vulnerability
- Does not rely on a Windows kernel vulnerability
- Works on all Windows systems (including 32-bit and 64-bit)
- Relies on undisclosed zero-day vulnerabilities
- Bypasses the sandbox, ASLR and DEP
Given that VUPEN now clearly say that this doesn't rely on a Windows exploit, it's both safe and fair to say that this is a Google problem. And given that this exploit isn't in the wild, there's no need for a Chicken Little reaction.
This isn't about the merits of Windows vs. Mac vs. Linux, or who's to blame, or pledging allegiance to one multi-billion dollar corporation or another. It's about keeping end users safe.]