Video: Vupen pwns Google Chrome

Posted by Trent Nouveau

Vupen Security claims to have successfully pwned Google's locked-down Chrome browser.

To prove the apparent hack, the French-based company released a video which purportedly displays "one of the most sophisticated codes" ever created - running on Google Chrome v11.0.696.65  and Microsoft Windows 7 SP1 (x64).

"[The pwn] bypasses all security features including ASLR/DEP/Sandbox, it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64)," a Vupen rep explained in an official blog post.

"While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any installation of Chrome despite its sandbox, ASLR and DEP."

So, how does it work?

Well, the user is tricked into visiting a specially crafted web page hosting the exploit. The exploit then executes various payloads to ultimately download a malicious app from a remote location and launches it outside the sandbox at Medium integrity level.

Fortunately for Google, Vupen will refrain from publicly disclosing either the code or technical details of the above-mentioned hack, as they are "shared exclusively" with Vupen's customers as part of the company's vulnerability research services.