Google’s Chrome Sandbox Hacked

By | May 10, 2011



The end is near.

After countless attempts, the almighty Sandbox has been bypassed by the French security company Vupen, which won the $15,000 cash prize just a few months ago in the Pwn2Own contest for successfully hacking the Safari web browser.

Although Google was unable to confirm the claim, the buzz is quickly spreading all over the Internet.

Here is what Vupen had to say about their recent accomplishment:

The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox, it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64).

See it in action below.

It should also be noted that the Windows Calculator (calc.exe) launch is just an example of such a hack; it can be replaced with any hacker-made payload as well.

Thanks, Blake!

Picture Source: Joy Damm (Flickr)
Via: ComputerWorld


About (Author Profile)


Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and the departed Westwood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.

Comments (12)


  1. Necroman says:

    OMG, they launched the calculator, the end is near O.o

  2. IE & Opera FanBoy says:

    This is a big blow to Google and their fanboys. I don’t know how much the hacker spent to find this vulnerability.

    • You Get Nothing says:

      Implying IE hasn't suffered thousands of blows like this

      • Opera & IE fanboy says:

        IE & Opera have similar issues; my point is that now no one will claim Chrome is 100% secure software. My point here is that all applications have vulnerabilities and the user should trust any application (even Notepad.exe) for safety, security & privacy.

        • Opera & IE fanboy says:

          Sorry, I meant "the user should NOT trust any application (even Notepad.exe) for safety, security & privacy."

      • Sarjoor says:

        @You Get Nothing, in fact, IE has *NOT* suffered thousands of blows like this! This is a hack that gets through the security sandbox designed specifically to separate Chrome from the OS. IE has never had a sandbox environment. Chrome has always been so proud of their security sandbox. This is a big blow if this hack is real.

  3. DWBH says:

    If Google is unable to confirm the claim, they will not fix it, right?

  4. Nyromith says:

    I think that security is especially important to Google because they prepare the ground for Chrome OS, and want people to be confident that this OS will be perfectly secure. Of course this client hack tells nothing about their server-side security, but the perfectly-secured software image received a blow. (IMO a much more serious blow to cloud storage in general is the PSN hack.)

    Still, I think Google invests more money in security than any other company, and their browser is more secure than the others.

    That doesn’t change the fact that Chrome is a spyware.