Google Chrome’s sandbox was assumed to be the uber security feature in any browser till date. Prize money worth a whopping hot $20000 and star recognition was not motivation enough to crack Google Chrome’s sandbox. It seemed like Pwn2Own contestants were giving up on hacking Google Chrome. Though now, they will have more hope.
Finally, VUPEN, a security research firm seems to have gotten in and out of the Google Chrome sandbox with ease. They claim this by saying,
The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox (and without exploiting a Windows kernel vulnerability), it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64).
The attack was carried out on Google Chrome v11.0.696.65 on a Windows 7 64 bit system. This attack exploits the Chrome sandbox and successfully downloads a sample calculator program on your computer. This calculator can of course be any other malicious EXE file if you are a cracker. The guys at VUPEN have refused to release any code for the hack, though they have decided to share it with the Government.
This has come up a few hours from the Google I/O Conference and last I heard, Google I/O was going to be all about Android this time.
As expected always, Google must release a statement on this very soon. Over the years, Google has grown extremely protective of Google Chrome and it was only time before someone hacked the sandbox. Clearly, the sandbox is all that stands between the browser and the hacker. In the meanwhile, you can see this video on YouTube and understand better what is happening there.
Check out the VUPEN research page here.
Three years of legacy comes to an end. Google Chrome finally seems to be hacked.