Whitehats Subvert Google Chrome Sandbox

The exploit, according to Vupen, "bypasses all security features."

By Kara Reeder | Posted May 11, 2011
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn
InformationWeek reports that French vulnerability research firm Vupen has discovered a way to circumvent Google Chrome's heralded sandbox feature, which is designed to stop attackers from exploiting arbitrary code via the browser. The exploit, according to Vupen, "bypasses all security features."

Vupen has not provided specific details of the attack. According to Computerworld, a user could be tricked into visiting a maliciously coded website that would execute the exploit. The vulnerabilities were exploited using Chrome 11 running on a Windows 7 machine, using two different exploits.

Google has not commented, except to say:

We're unable to verify Vupen's claims at this time as we have not received any details from them.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter