Vupen Security demonstrates sophisticated Google Chrome hack
Google Chrome has earned a reputation for having rock solid security. While Internet Explorer, Safari and Firefox are regularly compromised during the annual Pwn2Own hacking convention, Chrome has always survived unscathed. In fact, Google tried to attract some heavy hitters this year with a record $20,000 bounty for escaping the browser's sandbox -- no one even bothered to try. Despite Chrome's impeccable track record, a French security firm reminds us today that no software is bulletproof.
Vupen Security reports that it has officially "pwned" Google Chrome's sandbox. In the video below (no sound), the company demonstrates an unknown vulnerability that can be used to bypass all of the security mechanisms present in the latest version of Chrome (11.0.695.65) when running on Windows 7 SP1 x64. In the clip, Vupen visits a specially crafted webpage with malicious code that sidesteps the sandbox, ASLR and DEP to remotely download and execute software at a medium integrity level.
Vupen considers the exploit to be one of the most sophisticated it's seen, not only because it bypasses the aforementioned security measures, but because it does so without the browser crashing. With the example shown, an attacker could essentially gain control of your system without you even knowing about it. Since the flaw is unknown and unpublished, there's no immediate threat, but Vupen is reportedly withholding the information from Google, so it's unclear when a fix will come.
Source: http://www.techspot.com/news/43728-vupen-security-demonstrates-sophisticated-google-chrome-hack.html
lebron james twitter jimmer fredette thomas tew rum issaquah school district the game tv show lasso of truth terrence j most popular thanksgiving side dish the game bet lights out