French security firm Vupen said today that its team has figured out a way to bypass security measures in Chrome, and it is offering a video demo of what it says is a successful attack against the browser running on a Windows machine.
"We are (un)happy to announce that we have officially Pwnd Google Chrome and its sandbox," the Vupen Security blog said. "The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR [Address Space Layout Randomization]/DEP [Data Execution Prevention]/Sandbox, it is silent [no crash after executing the payload], it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64)."
In the video, someone using Chrome v11.0.696.65 on Windows 7 Service Pack 1 (x64) is tricked into visiting a malicious Web page hosting the exploit. Once the machine is compromised, the exploit code downloads a Calculator program from a remote location and launches it outside the sandbox at "medium" integrity level, according to Vupen.
"While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any installation of Chrome despite its sandbox, ASLR and DEP," the post said.
Vupen, which did not respond to an e-mail seeking comment today, said it would not publicly disclose the exploit code or technical details of the vulnerabilities but would share them with its government customers as part of its vulnerability research services.
Asked for comment, a Google spokesman said: "We're unable to verify VUPEN's claims at this time as we have not received any details from them. Should any modifications become necessary, users will be automatically updated to the latest version of Chrome."