Pwn2Own 2012: Google Chrome browser sandbox first to fall
2 posters
Page 1 of 1
Pwn2Own 2012: Google Chrome browser sandbox first to fall
https://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588
In an interview, Bekrar said his team worked for about six weeks to find the vulnerabilities and write the exploits. ”We had to use two vulnerabilities. The first one was to bypass DEP and ASLR on Windows and a second one to break out of the Chrome sandbox.”
“Our exploit worked against the default installation...
During the hack, Bekrar created a web page booby-trapped with his exploit. Once the target machine visited the page, the exploit ran and opened the Calculator (calc.exe) app outside of the sandbox.”
“There was no user interaction, no extra clicks. Visit the site, popped the box.”
Re: Pwn2Own 2012: Google Chrome browser sandbox first to fall
this particular hack seems to cover both the browser and the OS the browser is installed on.
I mean they had to break/hack windows DEP to actually do the hack in the browser. At least that's how I see it.
So, one can say that it is both the browser and windows os failing together.
If the two (DEP/chrome) are depending on eachother for to totally secure a browser.
Should or could a browser be totally secure even if the OS itself does not have DEP/SEHOP/ASLR ?
Anyway, still nice to know that there are still people out there that make a public announcement about it !
I mean they had to break/hack windows DEP to actually do the hack in the browser. At least that's how I see it.
So, one can say that it is both the browser and windows os failing together.
If the two (DEP/chrome) are depending on eachother for to totally secure a browser.
Should or could a browser be totally secure even if the OS itself does not have DEP/SEHOP/ASLR ?
Anyway, still nice to know that there are still people out there that make a public announcement about it !
jna90- Member
- Posts : 36
Join date : 2011-07-20
Age : 50
Location : Amsterdam, The Netherlands
Similar topics
» Google ads...
» What is your favourite browser?
» Browser Security / Financial Malware test by MRG
» Something About Chrome
» Chrome SRP rules under Win XP
» What is your favourite browser?
» Browser Security / Financial Malware test by MRG
» Something About Chrome
» Chrome SRP rules under Win XP
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|