InformationWeek reports that French vulnerability research firm Vupen has discovered a way to circumvent Google Chrome’s heralded sandbox feature, which is designed to stop attackers from exploiting arbitrary code via the browser. The exploit, according to Vupen, “bypasses all security features.”
Vupen has not provided specific details of the attack. According to Computerworld, a user could be tricked into visiting a maliciously coded website that would execute the exploit. The vulnerabilities were exploited using Chrome 11 running on a Windows 7 machine, using two different exploits.
Google has not commented, except to say:
We’re unable to verify Vupen’s claims at this time as we have not received any details from them.