Researchers Say New Bugs Can Bypass Google Chrome Sandbox

Researchers at the French security firm VUPEN say that they have discovered several new vulnerabilities in Google Chrome that enable them to bypass the browser’s sandbox, as well as ASLR and DEP and run arbitrary code on a vulnerable machine.

The company said that it is not going to disclose the details of the bugs right now, but that it has shared information on them with some of its government customers through its customer program. The vulnerabilities are present in the latest version of Chrome running on Windows 7, VUPEN said.

VUPEN published a video that demonstrates an attack exploiting the Chrome vulnerabilities, although it offers no further clues about the bugs themselves.

“The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox, it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64),” VUPEN said in its advisory about the bugs.
“The video shows the exploit in action with Google Chrome v11.0.696.65 on Microsoft Windows 7 SP1 (x64). The user is tricked into visiting a specially crafted web page hosting the exploit which will execute various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox at Medium integrity level.”

Newer versions of Chrome include a sandbox component that is designed to prevent exploits against the browser from being used to run malicious code in other applications on the machine. Google has been offering bounties for more than a year now to researchers who find and report new bugs in Chrome, and other applications, to the company. The highest reward, which is $3133.7, is reserved for the most serious bugs, including those that are able to bypass the sandbox in Chrome.

But VUPEN is withholding details of the vulnerabilities and sharing them only with its customers. Government agencies and defense contractors have been consistent buyers of vulnerabilities for some time, and some researchers say that the prices these organizations pay for bugs can be as much as 20 or 30 times higher than what most vendors offer.

Discussion

  • Anonymous on

    Chrome

  • Charter Bus DC on

    Researchers say they've developed attack code that pierces key defenses built into Google's Chrome browser, allowing them to reliably execute malware on end user machines.

    The attack contains two separate exploits so it can bypass the security counter measures, which include address space layout randomization (or ASLR), data execution prevention (or DEP), and a “sandbox” designed to isolate browser functions from core operating-system operations. So far, there have been relatively few reported exploits that can penetrate the sandbox, and that's one of the reasons the browser has managed to emerge unscathed during the annual Pwn2Own hacker competition for three years in a row.

  • Clete Munson on

    Guess this is what happens when you offer $20K to anyone that can bust your junk.