VUPEN: “WHILE CHROME HAS ONE OF THE MOST SECURE SANDBOXES AND HAS ALWAYS SURVIVED THE PWN2OWN”
Google Chrome web browser has done the name for itself by being the single of, if not the fastest browser upon the marketplace today. The browser additionally done the name for itself by charity the scrupulously great turn of security; what you meant by which is which for the past 3 years it survived the Pwn2Own contest, mechanism hacking competition hold during the annual CanSecWest confidence conference, commencement in 2007 and- sponsored by TippingPoint.
Chrome's limiting sandbox and- alternative confidence measures meant which Pwn2own contestants could not pwn the browser. They could pwn alternative browsers, similar to Microsoft's Internet Explorer, Apple's Safari or Mozilla's Firefox, though not Google's Chrome.
The headlines is which Chrome's repute of being unpwnable has been damaged by Vupen Security, universe personality in disadvantage investigate for defensive as well as descent security. Vupen voiced which it pwned Chrome, which it came up with the worldly exploit, the many worldly the single Vupen has ever come up with, feat which bypasses Chrome's sandbox as well as alternative confidence features, together with DEP (Data Execution Prevention) and- ASLR (Address Space Layout Randomization).
Vupen explained which the feat it came up with does not feat the Windows heart vulnerability; it exploits an undisclosed 0-day disadvantage detected by Vupen, disadvantage which functions upon all 32-bit as well as 64-bit Windows systems. The feat is silent, there's no pile-up after executing the payload; it functions upon Chrome 11.X as well as 12.X.
"We have been (un)happy to make known which you have strictly Pwned Google Chrome and- the sandbox," pronounced Vupen. "While Chrome has the single of the many secure sandboxes and- has regularly survived the Pwn2Own competition during the final 3 years, you have right away unclosed the arguable approach to govern capricious formula upon any default designation of Chrome notwithstanding the sandbox, ASLR as well as DEP."
A video which presents the Vupen-uncovered feat in movement is accessible upon YouTube here.
In the video the user of Chrome 11.0.696.65 upon Windows 7 SP1 is duped in to on vacation the antagonistic website which hosts Vupen's exploit. The feat formula downloads the Calculator module from the remote place as well as launches it outward Chrome's sandbox.
--
Source: http://www.digdod.com/vupen-%e2%80%9cwhile-chrome-has-one-of-the-most-secure-sandboxes-and-has-always-survived-the-pwn2own-1031963.html
~
Manage subscription | Powered by rssforward.com
