
Google Chrome Pwned by VUPEN aka Sandbox/ASLR/DEP Bypass


don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue May 10, 2011 10:31 am

Google Chrome Pwned by VUPEN aka Sandbox/ASLR/DEP Bypass


Hi everyone,

We are (un)happy to announce that we have officially Pwned Google Chrome and its sandbox.

The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox (and without exploiting a Windows kernel vulnerability), it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64).

The video shows the exploit in action with Google Chrome v11.0.696.65 on Microsoft Windows 7 SP1 (x64). The user is tricked into visiting a specially crafted web page hosting the exploit which will execute various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox (at Medium integrity level).

While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any default installation of Chrome despite its sandbox, ASLR and DEP.



For full story & video:
http://www.vupen.com/demos/VUPEN_Pwning_Chrome.php

Don
CISSP, MCSE, CSTA, Security+ SME

zeroflaw

Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

Post Wed May 11, 2011 3:22 pm

Re: Google Chrome Pwned by VUPEN aka Sandbox/ASLR/DEP Bypass

Very nice! I wonder when/if they will release some more details about the exploit.
ZF
