May 10, 2011 07:22 GMT

French vulnerability research firm VUPEN Security claims its researchers have exploited Google Chrome and executed arbitrary code on the underlying system by breaking out of the browser's well-regarded sandbox.

The researchers have published a video of the exploit they developed in action against Chrome 11.0.696.65 running on a fully patched 64-bit Windows 7 SP1 installation.

Google Chrome is widely regarded as the most secure mainstream browser from an architectural standpoint, because its sandbox isolates the renderer processes that parse untrusted web content from the rest of the operating system.

In software design, a sandbox is a restricted environment in which a contained process runs with reduced privileges and can reach the underlying OS only through a tightly controlled interface, typically a more privileged broker process that validates every request against a policy.

This provides a generic layer of protection: an exploit that achieves code execution inside the sandboxed process still cannot read the user's files, persist on the machine, or otherwise affect the system beyond what the policy allows.

Sandboxes are not unbreakable, but they make attacks considerably harder, because a full compromise requires chaining exploits for at least two different vulnerabilities: one to gain code execution inside the sandboxed process, and another, in the broker interface, the kernel or some other privileged component, to break out of it.

In addition, on modern operating systems like Windows 7 the attacker must also defeat anti-exploitation mitigations such as DEP and ASLR. These are not a hurdle that appears only after the sandbox is bypassed: they stand in the way of every memory-corruption step in the chain, starting with the initial code execution inside the renderer.
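To make the broker model described above concrete, here is a toy sandbox on Linux written for this article as an added example. It is not Chrome's code, and Chrome's Windows sandbox is built from different primitives (restricted tokens, job objects and a broker process), but the shape is the same: the contained child may only use read, write and exit, every other system call is denied by a seccomp-bpf filter, and file access happens solely through the broker, which checks each request against a policy. The temporary file path, the sample file content, the OPEN/DENIED message format and all function names are assumptions made up for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#if defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#define SANDBOX_ARCH AUDIT_ARCH_X86_64 /* add your architecture here if needed */
#endif
/* Constructed sample content of the file the sandboxed child wants to read. */
static const char DEMO_SECRET[] = "cookie=session-abc123\n";
/* Outcome bits the sandboxed child reports through its exit status. */
enum { SB_DIRECT_OPEN_EPERM = 1, SB_BROKER_DELIVERED = 2, SB_OFF_POLICY_REFUSED = 4 };
#define ALLOW(nr) BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
                  BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW)

/* Confine the caller to read/write/exit; every other syscall fails with EPERM. */
static int enter_sandbox(void) {
    struct sock_filter filter[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL), /* wrong ABI: never let it through */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        ALLOW(__NR_read), ALLOW(__NR_write), ALLOW(__NR_exit),
        ALLOW(__NR_exit_group), ALLOW(__NR_rt_sigreturn),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
    };
    struct sock_fprog prog = { sizeof filter / sizeof filter[0], filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Child side of the IPC: ask the broker for a file. Returns byte count or -1. */
static int brokered_open(int sock, const char *path, char *out, size_t outsz) {
    char req[512] = "OPEN ";
    size_t plen = strlen(path);
    if (plen + 5 >= sizeof req) return -1;
    memcpy(req + 5, path, plen);
    if (write(sock, req, 5 + plen) < 0) return -1;
    ssize_t n = read(sock, out, outsz);
    if (n < 3 || memcmp(out, "OK:", 3) != 0) return -1;
    memmove(out, out + 3, (size_t)(n - 3));
    return (int)(n - 3);
}

/* The contained process: no stdio or malloc after enter_sandbox(), only IPC. */
static void child_main(int sock, const char *allowed_path) {
    char buf[512]; int flags = 0, n;
    if (enter_sandbox() != 0) _exit(0); /* no sandbox: report nothing */
    /* 1. Direct file-system access is off-policy: the kernel answers EPERM. */
    if (open(allowed_path, O_RDONLY) < 0 && errno == EPERM) flags |= SB_DIRECT_OPEN_EPERM;
    /* 2. The same file is reachable through the broker, because policy allows it. */
    n = brokered_open(sock, allowed_path, buf, sizeof buf);
    if (n == (int)(sizeof DEMO_SECRET - 1) && memcmp(buf, DEMO_SECRET, (size_t)n) == 0)
        flags |= SB_BROKER_DELIVERED;
    /* 3. A path outside the policy is refused by the broker, not by the kernel. */
    if (brokered_open(sock, "/etc/passwd", buf, sizeof buf) < 0) flags |= SB_OFF_POLICY_REFUSED;
    _exit(flags);
}

/* Broker side: the privileged parent answers requests until the child exits. */
static void broker_serve(int sock, const char *allowed_path) {
    char req[600], resp[512] = "OK:"; ssize_t n;
    while ((n = read(sock, req, sizeof req - 1)) > 0) {
        req[n] = '\0';
        int fd = -1; /* policy: only the OPEN verb, and only the one allowed path */
        if (strncmp(req, "OPEN ", 5) == 0 && strcmp(req + 5, allowed_path) == 0)
            fd = open(req + 5, O_RDONLY);
        if (fd < 0) { write(sock, "DENIED", 6); continue; }
        ssize_t m = read(fd, resp + 3, sizeof resp - 3);
        close(fd);
        write(sock, resp, 3 + (size_t)(m > 0 ? m : 0));
    }
}

/* Returns the SB_* bits observed by the sandboxed child, or -1 on setup failure. */
int run_sandbox_demo(void) {
    char path[] = "/tmp/sandbox-demo-XXXXXX"; /* assumed writable temp location */
    int fd = mkstemp(path), sv[2], status = 0;
    if (fd < 0) return -1;
    write(fd, DEMO_SECRET, sizeof DEMO_SECRET - 1); close(fd);
    if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) != 0) { unlink(path); return -1; }
    pid_t pid = fork();
    if (pid == 0) { close(sv[0]); child_main(sv[1], path); }
    close(sv[1]);
    if (pid > 0) { broker_serve(sv[0], path); waitpid(pid, &status, 0); }
    close(sv[0]); unlink(path);
    return pid < 0 || !WIFEXITED(status) ? -1 : WEXITSTATUS(status);
}

/* Exit status 0 only if all three checks held (bits 1|2|4 == 7). */
int main(void) { return run_sandbox_demo() == 7 ? 0 : 1; }
```

Compile with gcc and run on a Linux host that allows installing seccomp filters; an exit status of 0 means the direct open() was refused with EPERM, the on-policy path came back through the broker, and the off-policy path was denied. The lesson for the article's point is the third check: even with full code execution inside the child, an attacker who wants the file system has to find a flaw in the broker's policy or in the kernel's syscall filter, which is exactly the second vulnerability the exploit chain needs.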

"The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox, it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64)," the researchers write.

This is an impressive display of skill by one of the top vulnerability research teams in the world, but it also goes to show that a successful attack against Google's browser would take extremely talented attackers, and that for most adversaries the effort would most likely far outweigh any benefit.

VUPEN does not plan to disclose details of the exploit publicly. Instead, it will share them exclusively with its government customers to help them mitigate the risks. "[...] We have now uncovered a reliable way to execute arbitrary code on any installation of Chrome despite its sandbox, ASLR and DEP," the vendor concludes.