Posted by: Robert Westervelt
Application Security, browser vulnerabilities, security research
The French security firm exploited a Google Chrome vulnerability, bypassing the browser's sandbox as well as its ASLR and DEP protections.
Google Chrome's sandboxing technology, designed to keep malicious code from reaching system processes, has been compromised by researchers at VUPEN Security.
In an advisory issued Monday, the company said its research team discovered a zero-day vulnerability in the Google browser. The flaw enabled the team to bypass all of Chrome's security features, including Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP), two techniques designed to prevent exploits from gaining access to running processes.
“While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any default installation of Chrome despite its sandbox, ASLR and DEP,” the company said in its advisory.
The bypass works on Windows systems and relies on zero-day vulnerabilities; the company said the attack can be carried out without exploiting a Windows kernel vulnerability.
The company said it would not publicly disclose the exploit code or technical details of the underlying vulnerabilities. Instead, it released a video as proof that the browser vulnerability had been exploited.
A Google spokesperson told Brian Krebs of KrebsOnSecurity that the company’s engineering team was unable to verify VUPEN’s claims, because VUPEN hadn’t shared any information about their findings. If the vulnerability is verified, Google will issue an automatic update to the browser.
Weaknesses in ASLR and DEP have surfaced in the past at the TippingPoint Pwn2Own contest. Microsoft, whose Windows platform provides both mitigations, has said a successful attack against them typically requires extremely sophisticated measures, including multiple zero-day vulnerabilities.
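ASLR and DEP are opt-in on Windows: a PE image declares that it supports them through two bits in the optional header's DllCharacteristics field, and a module that lacks either bit gives an attacker a fixed-address, executable-data foothold without needing the kind of bypass VUPEN describes. The following added example (not code from the article, VUPEN or Google) is a small PE header check a defender can run over the binaries and DLLs an application loads, to confirm the mitigations discussed above were actually requested. The flag values are the documented IMAGE_DLLCHARACTERISTICS_* constants from the Windows SDK; the sample images are constructed inline so the script runs offline, and `build_sample_pe` is a test helper of this example, not a real tool.

```python
"""Report whether a PE image opted in to ASLR and DEP (added example)."""
import struct
import sys

# Documented IMAGE_DLLCHARACTERISTICS_* values (winnt.h).
DYNAMIC_BASE = 0x0040      # image may be relocated at load time (ASLR)
NX_COMPAT = 0x0100         # image is compatible with DEP / NX
HIGH_ENTROPY_VA = 0x0020   # 64-bit image supports high-entropy ASLR

# DllCharacteristics sits at offset 70 of the optional header for both
# PE32 (Magic 0x10B) and PE32+ (Magic 0x20B); the layouts only diverge later.
DLLCHAR_OFFSET = 70


def mitigation_flags(pe: bytes) -> dict:
    """Parse the headers and return which exploit mitigations the image requests."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER (20 bytes)
    (opt_size,) = struct.unpack_from("<H", coff and pe, coff + 16)
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER
    if opt_size < DLLCHAR_OFFSET + 2 or len(pe) < opt + DLLCHAR_OFFSET + 2:
        raise ValueError("optional header truncated; cannot read DllCharacteristics")
    (magic,) = struct.unpack_from("<H", pe, opt)
    (dllchar,) = struct.unpack_from("<H", pe, opt + DLLCHAR_OFFSET)
    pe32plus = magic == 0x20B
    return {
        "pe32plus": pe32plus,
        "aslr": bool(dllchar & DYNAMIC_BASE),
        "dep": bool(dllchar & NX_COMPAT),
        # HIGH_ENTROPY_VA is only meaningful for 64-bit images.
        "high_entropy_va": pe32plus and bool(dllchar & HIGH_ENTROPY_VA),
    }


def missing_mitigations(pe: bytes) -> list:
    """Names of the mitigations this image did NOT opt in to (empty list = fully opted in)."""
    flags = mitigation_flags(pe)
    missing = [name for name in ("aslr", "dep") if not flags[name]]
    if flags["pe32plus"] and not flags["high_entropy_va"]:
        missing.append("high_entropy_va")
    return missing


def build_sample_pe(dllchar: int, pe32plus: bool = False) -> bytes:
    """Constructed minimal PE header (headers only, no sections) for offline testing."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    opt_size = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x014C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, DLLCHAR_OFFSET, dllchar)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # With a path argument, check a real file; otherwise demonstrate on constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], mitigation_flags(fh.read()))
    else:
        for label, sample in (
            ("hardened", build_sample_pe(DYNAMIC_BASE | NX_COMPAT)),
            ("no mitigations", build_sample_pe(0)),
        ):
            print(f"{label}: missing={missing_mitigations(sample)}")
```

The flags only record what the image asked for. Whether a process actually runs with DEP or ASLR also depends on the system-wide DEP policy and on every other module loaded into the process, so treat a clean result as necessary hygiene rather than proof of protection; as the article notes, VUPEN's exploit defeated both mitigations on a default installation where they were enabled.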
Sandboxing is seen as an added layer of defense for applications that attackers commonly target. Adobe Systems Inc. built a sandbox into Adobe Reader X to thwart attacks, and a researcher has bypassed a similar sandboxing feature in Adobe Flash Player. Adobe has acknowledged that sandboxing is not a silver bullet but an additional security layer that can deter many attackers.