The sophisticated attack relied on a number of bugs and poor implementations

Jun 12, 2012 13:33 GMT  ·  By

Three months after Pwnium, Google is finally ready to reveal some of the details about Sergey Glazunov's exploit that broke the Chrome sandbox. Google organized the Pwnium event during the Pwn2Own competition and encouraged security researchers to come up with ways of breaking out of the Chrome sandbox, something that hadn't been done before, at least not publicly.

There were two entries in the competition, and both took home the grand prize of $60,000 (€47,700), as both successfully found ways of getting out of the sandbox.

It took a myriad of chained bugs to do it, but it showed that it could be done and that people determined enough would find ways out of the sandbox.

Google revealed the details of Pinkie Pie's exploit a few weeks ago. It was an impressive feat, using six bugs for a successful attack.

Glazunov's method was even more impressive: it relied on some 14 bugs and a very complex chain of events to get out of the sandbox, but, once again, the result was the same, and the attack was successful. What's even more interesting, it used no memory corruption bugs whatsoever.

Google says that trying to explain the method was a daunting task in itself, especially when writing for people who are not security experts, i.e. most people and most Chrome users.

What's more, Google skipped over some parts at the time, because it couldn't yet talk about some of the things it did to make sure that such an exploit would no longer be possible.

But now that most people are running a recent version of Chrome, one including all the patches and improvements that resulted from Glazunov's exploit, Google can reveal some details. A rundown of how the exploit worked is available in Google's latest post to the Chromium blog.