October 25, 2014

Google Chrome Browser First to Fall at Pwn2Own 2012

(LiveHacking.Com) – Google spends a lot of time, effort and money on making Chrome as secure as possible. However, software can never be 100% secure. This was proved during this year’s CanSecWest Pwn2Own hacker contest, where Chrome was the first browser to fall to the hackers.

A team of French hackers from VUPEN, which sells vulnerabilities and exploits to government customers, took down Chrome with an impressive set of exploits. VUPEN co-founder and head of research Chaouki Bekrar and his team attacked Chrome via a pair of zero-day vulnerabilities to take complete control of a 64-bit Windows 7 PC with all the latest Microsoft patches applied. The team worked for six weeks prior to the competition to find the vulnerabilities and write the exploits.

In an interview, Bekrar said “We had to use two vulnerabilities. The first one was to bypass DEP and ASLR on Windows and a second one to break out of the Chrome sandbox.”

According to Bekrar, who declined to say whether any of the exploits targeted third-party code (such as Adobe Flash), the attack used a use-after-free vulnerability in the default installation of Chrome. To launch the hack, the team created a web page booby-trapped with the exploit code. Once the target page was opened in Chrome, the exploit ran and opened the Calculator (calc.exe), demonstrating that it had bypassed Chrome’s sandbox and had direct access to Windows.

The most controversial aspect of all this is that VUPEN will sell the rights to one of the zero-day vulnerabilities, but the company says it won’t give up the sandbox escape and intends to keep it private for its customers. This goes against the whole ethos of security research and full disclosure.

VUPEN isn’t only hacking Chrome: the company says it also has exploits for Microsoft Internet Explorer, Apple Safari and Mozilla Firefox.
