Google Chrome Sandbox Hacked
Two of the core reasons for installing Google Chrome are the browser's speed and security. The latter in particular, with its sandboxing approach, has proved to be very effective against many common attack forms and hacking attempts.
Even the security experts at the Pwn2Own conference were not able to penetrate Chrome's defense system, most did not even bother to try.
VUPEN Research yesterday announced that one of their security teams was successful in exploiting the Google Chrome web browser by escaping the web browser's sandbox.
The sandbox has been designed to separate website contents from each other and the browser core.
A video was published that demonstrates the exploit under Chrome 11.0.695.65, the latest stable version of the Internet browser. The operating system in the video is the 64-bit edition of Windows 7.
In the video, the researchers open a specially prepared local website which, after a short while, launches Windows Calculator to demonstrate that the sandbox has been penetrated. The calculator ran with the same privileges as the web browser.
Malicious hackers would obviously use the exploit for a serious attack instead of launching the calculator.
How does it work?
The user is tricked into visiting a specially crafted web page hosting the exploit which will execute various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox at Medium integrity level.
While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any installation of Chrome despite its sandbox, ASLR and DEP.
The vulnerability has not been confirmed yet by Google and it is unclear if the two companies are in contact with each other. VUPEN have not posted the exploit code or a proof of concept demonstration on their website.
It is likely that we will see a quick patch to address the issue in Chrome. VUPEN are very vague on their website, and it is not clear if all Chrome versions are affected or only the stable version. It is however likely that the exploit works on all versions of Chrome.
The issue can only be utilized by attackers if a Chrome user visits a specially prepared page on the Internet. While it is unlikely that a page exploiting the issue is already online, it might be a good idea to stay away from questionable sites for a while.