Security Experts Stunned as Google Chrome Hacked
A French security firm says it now knows how to hack its way into Google's Chrome browser. If the claim turns out to be true, it would represent a surprising weakness for a web browser considered by some to be the safest available.
The hack report comes from France's Vupen, which says it was able to sidestep Chrome's defenses -- including the highly reputable sandbox design -- as well as Windows 7's built-in anti-exploit infrastructure.
Report Stuns Security Experts
The exploit is "one of the most sophisticated codes we have seen and created so far, as it bypasses all security features including ASLR / DEP / Sandbox," Vupen reported.
"It is silent (no crash after executing the payload), it relies on undisclosed (zero-day) vulnerabilities and it works on all Windows systems."
The report is a surprise to many since Chrome is considered a very difficult browser to hack.
Sandbox Buffers Between Browser and Operating System
Chrome's sandbox infrastructure is engineered to create a buffer between the browser and the wider operating system (OS), making it much more difficult for a hacker to take advantage of a PC. In theory, sandboxing creates a virtual wall such that a running program has limited access to the 'outside' operating system.
So resilient is Google's web browser sandbox design that white-hat hackers were unable to exploit it at a recent Pwn2Own competition.
Nevertheless, Vupen has not only described how it exploited Chrome on its blog, but it's also posted a video of the process on YouTube. (Source: theregister.co.uk)
Vupen Not Communicating With Google
Google says Vupen never contacted it about the security hole, so the search giant has been unable to confirm Vupen's report. "We're unable to verify Vupen's claims at this time as we have not received any details from them," Google said in a recent statement.
"Should any modifications become necessary, users will be automatically updated to the latest version of Chrome." (Source: computerworld.com)
Had it reported the issue directly to Google instead, Vupen might have been eligible for a large reward. So far this year, Google has already handed out $77,000 in "bug bounties" to various security experts.