Google Chrome Hacked By French Researchers

Google’s claims about the security of its Chrome web browser took a hit this week after security experts at Vupen Security claimed they had successfully cracked the browser.

Vupen is a French specialist in vulnerability research for defensive and offensive security, and a video on its website shows the exploit in action with Google Chrome v11.0.696.65 on Microsoft Windows 7 SP1 (x64).

The user is tricked into visiting a specially crafted web page hosting the exploit, which will execute various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox (at Medium integrity level).

Public Disclosure

For security reasons, the exploit code and technical details of the underlying vulnerabilities will not be publicly disclosed, the Vupen security team said in a post on its website, noting that they are shared exclusively with its government customers as part of its vulnerability research services. Vupen also disclosed that the exploit works on both Chrome versions 11.x and 12.x. It was tested with Chrome v11.0.696.65 and v12.0.742.30.

“The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox (and without exploiting a Windows kernel vulnerability), it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by Vupen and it works on all Windows systems (32-bit and x64),” the Vupen Vulnerability Research Team wrote in the post.

“While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any default installation of Chrome despite its sandbox, ASLR and DEP.”

Chrome Sandbox

Chrome uses technologies such as Safe Browsing, sandboxing and auto-updates to help protect users against phishing and malware attacks, and shows users a warning message before they visit a site that is suspected of containing malware or phishing.

The sandbox adds a further layer of protection to the browser by guarding against malicious web pages that try to leave programs on a user’s computer, monitor a user’s web activities or steal private information from the hard drive.

In addition to analysing and reversing freshly patched or publicly disclosed flaws, Vupen security engineers and researchers are also dedicated to finding new and unpatched security vulnerabilities in prominent and widely deployed software to help vendors eliminate security vulnerabilities in their products.

Vupen’s website notes the organisation follows a private responsible disclosure policy and reports all discovered vulnerabilities to the affected vendor under contract with Vupen, and works with them to create a timetable pursuant to which the vulnerability information may be publicly disclosed.

Nathan Eddy

Nathan Eddy is a contributor to eWeek and TechWeekEurope, covering cloud and BYOD
