VUPEN Vulnerability Research Videos and Demonstrations

 
Google Chrome Pwned by VUPEN aka Sandbox/ASLR/DEP Bypass
 
Published on 2011-05-09 17:35:41 UTC by VUPEN Vulnerability Research Team

Hi everyone,

We are (un)happy to announce that we have officially Pwned Google Chrome and its sandbox.

The exploit shown in this video is one of the most sophisticated pieces of code we have seen and created so far: it bypasses all security features including ASLR, DEP and the sandbox (without exploiting a Windows kernel vulnerability), it is silent (no crash after the payload executes), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN, and it works on all Windows systems (32-bit and x64).

The video shows the exploit in action with a default installation of Google Chrome v11.0.696.65 on Microsoft Windows 7 SP1 (x64). The user is tricked into visiting a specially crafted web page hosting the exploit which will execute various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox (at Medium integrity level).

While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any default installation of Chrome despite its sandbox, ASLR and DEP.


For security reasons, the exploit code and technical details of the underlying vulnerabilities will not be publicly disclosed. They are available to our customers as part of our vulnerability research services.

Note: The exploit works on Chrome stable, beta, and dev.
 

Copyright VUPEN Security
