dcsimg

Whitehats Subvert Google Chrome Sandbox

The exploit, according to Vupen, "bypasses all security features."

 By Kara Reeder | Posted May 11, 2011
Page of   |  Back to Page 1
Print Article
InformationWeek reports that French vulnerability research firm Vupen has discovered a way to circumvent Google Chrome's heralded sandbox feature, which is designed to stop attackers from exploiting arbitrary code via the browser. The exploit, according to Vupen, "bypasses all security features."

Vupen has not provided specific details of the attack. According to Computerworld, a user could be tricked into visiting a maliciously coded website that would execute the exploit. The vulnerabilities were exploited using Chrome 11 running on a Windows 7 machine, using two different exploits.

Google has not commented, except to say:

We're unable to verify Vupen's claims at this time as we have not received any details from them.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter

By submitting your information, you agree that enterprisenetworkingplanet.com may send you ENTERPRISENetworkingPLANET offers via email, phone and text message, as well as email offers about other products and services that ENTERPRISENetworkingPLANET believes may be of interest to you. ENTERPRISENetworkingPLANET will process your information in accordance with the Quinstreet Privacy Policy.