Wednesday, May 11, 2011

An attack that bypasses Chrome and Windows 7

VUPEN, a French company specializing in computer security, has discovered a zero-day flaw in Chrome 11 that bypasses the browser's sandbox to run arbitrary code. It took the opportunity to defeat the DEP and ASLR protections of Windows 7 as well. It has shared the details of the flaw with the vendors.

The public, for its part, gets a video showing the flaw in action. A so-called zero-day attack is one that exploits a vulnerability unknown to the community and to the vendor. In this case, VUPEN says only that it was able to bypass all of these protections without exploiting a vulnerability in the Windows kernel and without crashing the system.

Chromium is known for its sandbox: an environment that is supposed to isolate the tab (the renderer process) from the rest of the browser and from the operating system. Here, VUPEN built a web page that launches the Windows calculator, proving that it is possible to escape the sandbox. An attacker with less laudable intentions would simply run a malicious program instead.

To achieve this, the researchers also bypassed ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) in Windows 7. The first places modules and data areas at random positions in virtual memory each time they are loaded. The goal is to make life harder for attackers, who in principle can no longer predict the addresses of the modules or code fragments the attack needs.

The second prevents code from executing in memory regions not intended for that purpose (stack, heap, data). This matters because Chrome has a reputation as one of the safest browsers, yet here is proof once more that "zero bugs" does not exist. The exploit was run against a 64-bit version of Windows 7 and Google Chrome v11.0.696.65, but it also works on the 32-bit operating system.
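Worked example added by the editor, not code from the original article or from VUPEN: on Windows 7, ASLR only relocates images that were linked with /DYNAMICBASE, and DEP opt-in is recorded with /NXCOMPAT; both choices live in the DllCharacteristics field of the PE optional header, so whether a given browser executable or plug-in DLL actually benefits from these protections can be read straight from the file. The script below parses those flags; the header-only sample images it builds for testing are constructed here and are not loadable binaries.

```python
"""Report which Windows exploit mitigations a PE image opts into.

ASLR needs the DYNAMIC_BASE flag (and relocation data) to move the image,
DEP compatibility is declared with NX_COMPAT. Both are stored in the
DllCharacteristics field of the PE optional header.
"""
import struct
import sys

# IMAGE_DLLCHARACTERISTICS_* flags from the Microsoft PE/COFF specification
HIGH_ENTROPY_VA = 0x0020   # 64-bit image may use the whole address space (Windows 8+)
DYNAMIC_BASE = 0x0040      # image may be relocated at load time -> ASLR applies
NX_COMPAT = 0x0100         # image declares itself DEP-compatible
# IMAGE_FILE_* flag from the COFF header
RELOCS_STRIPPED = 0x0001   # no .reloc data: the loader cannot move the image


def pe_mitigations(data: bytes) -> dict:
    """Parse DOS, COFF and optional headers of a PE image held in memory."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")

    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    (_machine, _nsect, _ts, _symptr, _nsym,
     opt_size, file_chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72:
        raise ValueError("optional header too short")
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:
        arch = "x86"
    elif magic == 0x20B:
        arch = "x64"
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics is at offset 70 in both the PE32 and PE32+ layouts.
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]

    relocs_stripped = bool(file_chars & RELOCS_STRIPPED)
    return {
        "arch": arch,
        # the opt-in flag is useless if the image cannot be relocated
        "aslr": bool(dll_chars & DYNAMIC_BASE) and not relocs_stripped,
        "high_entropy_aslr": arch == "x64" and bool(dll_chars & HIGH_ENTROPY_VA),
        "dep": bool(dll_chars & NX_COMPAT),
        "relocs_stripped": relocs_stripped,
    }


def build_minimal_pe(dll_characteristics: int, magic: int = 0x20B,
                     file_characteristics: int = 0x0002) -> bytes:
    """Construct a header-only PE image for testing (not a runnable binary)."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (e_lfanew - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt = bytearray(112 if magic == 0x20B else 96)  # size without data directories
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    coff = struct.pack("<HHIIIHH", 0x8664 if magic == 0x20B else 0x14C,
                       0, 0, 0, 0, len(opt), file_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def report(path: str) -> str:
    """One-line summary for a file on disk; headers fit comfortably in 64 KiB."""
    with open(path, "rb") as f:
        m = pe_mitigations(f.read(65536))
    return "%s: %s ASLR=%s high-entropy=%s DEP=%s" % (
        path, m["arch"], m["aslr"], m["high_entropy_aslr"], m["dep"])


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:
            print(report(p))
    else:
        # constructed samples: a hardened x64 image and a legacy x86 one
        print(pe_mitigations(build_minimal_pe(DYNAMIC_BASE | NX_COMPAT)))
        print(pe_mitigations(build_minimal_pe(0, magic=0x10B)))
```

Run it over chrome.exe and every DLL the browser loads, or any directory of plug-ins: a module reporting ASLR=False is loaded at a fixed address and gives an attacker the predictable code the first paragraph above says ASLR is meant to deny. Note that the DEP flag only matters for 32-bit processes; 64-bit processes on Windows always run with DEP enabled.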

VUPEN had already distinguished itself this year by winning the Pwn2Own contest with a Safari flaw that took three researchers two weeks of development (see "Safari and IE fall at Pwn2Own"). Last year it also revealed the PDF flaw in iOS 4.
