Every year we tune in to the CanSecWest conference and watch the Pwn2Own challenge commence. This usually consists of browsers including Internet Explorer, Firefox, and Safari getting hacked on the first day. One browser you will notice is missing from that list is Google Chrome, the reason being that its sandbox security measures have made it very tough to crack.

In fact, Google uses three types of security measure in Chrome that make it very difficult to exploit: Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and the most commonly cited one, the sandbox.

ASLR means the executable, its libraries, the heap, and the stack are loaded at different addresses each time, so they are never in the same location twice in memory. This makes addresses hard for the hacker to predict, making certain types of exploit very difficult if not impossible to use. DEP stops code from executing out of a non-executable memory region, which means the common buffer-overflow exploits don't work. Finally we have the sandbox, under which each tab you open in Chrome gets its own process that is stripped of its rights, meaning it can't affect anything other than itself on the system and in the browser.

Tough as all those measures sound, and indeed are, Chrome has had its sandbox compromised this week by security company VUPEN. The video above shows the hack using a sophisticated zero-day exploit that manages to run arbitrary code through the browser. Most importantly, it bypasses the sandbox, ASLR, and DEP security measures.

The exploit works on both 32-bit and 64-bit Windows systems and executes silently, meaning it can be used without the browser or system crashing. For it to work, a user would just have to visit a website created to take advantage of the vulnerabilities.

As it uses new zero-day vulnerabilities VUPEN has discovered, it would be possible to use it on the most recent version of Chrome that most of us end users will be running.
However, for that to happen VUPEN would need to make the exploit public, which it has no intention of doing. The only other way this could be used in the wild is if some other hacker has managed to find the same or similar exploits. Let's hope not.

Read more at VUPEN.
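As an added illustration, not part of the original article or of VUPEN's or Google's own code: the ASLR and DEP opt-ins described above are recorded as flag bits (DYNAMICBASE and NXCOMPAT) in a Windows binary's PE optional header, and this script reads them from any PE image. It runs offline against a constructed minimal PE header rather than Chrome's real binary, so the sample bytes here are an assumption for testing only.

```python
import struct

# IMAGE_DLLCHARACTERISTICS_* bits from the PE optional header.
DYNAMIC_BASE = 0x0040     # image opts into ASLR (/DYNAMICBASE)
NX_COMPAT = 0x0100        # image opts into DEP (/NXCOMPAT)
HIGH_ENTROPY_VA = 0x0020  # 64-bit image accepts high-entropy ASLR
PE32, PE32PLUS = 0x10B, 0x20B


def pe_mitigations(data: bytes) -> dict:
    """Return the ASLR/DEP opt-in flags recorded in a PE image's headers."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # optional header follows the 20-byte COFF header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (PE32, PE32PLUS) or opt_size < 72:
        raise ValueError("unsupported or truncated optional header")
    # DllCharacteristics sits at offset 70 for both PE32 and PE32+.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "pe32plus": magic == PE32PLUS,
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "dep": bool(dll_chars & NX_COMPAT),
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
    }


def build_sample_pe(dll_chars: int, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header (not a real binary) for offline testing."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew -> offset 64
    opt_size = 112 if pe32plus else 96
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, opt_size, 0x0002)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS if pe32plus else PE32)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    hardened = build_sample_pe(DYNAMIC_BASE | NX_COMPAT | HIGH_ENTROPY_VA, True)
    print(pe_mitigations(hardened), pe_mitigations(build_sample_pe(0)))
```

Passing the bytes of a real chrome.exe or one of its DLLs to pe_mitigations performs the same check on the binary itself; note that 64-bit Windows enforces DEP for 64-bit processes regardless of the NXCOMPAT bit.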