Security Bytes

May 10 2011   1:38PM GMT

VUPEN outs sandboxing weaknesses in Google Chrome attack



Posted by: Robert Westervelt
Tags:
Application Security
browser vulnerabilities
security research

The French security firm exploited a Google Chrome vulnerability, bypassing its sandboxing security feature and its ASLR and DEP capabilities.

Google Chrome’s sandboxing security technology, designed to keep malicious code from infiltrating system processes, has been compromised by researchers at VUPEN Security.

In an advisory issued Monday, the company said its research team discovered a zero-day vulnerability in the Google browser. The flaw enabled the team to bypass all security features in Chrome, including Address Space Layout Randomization and Data Execution Prevention, two techniques designed to prevent exploits from gaining control of running processes.

“While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any default installation of Chrome despite its sandbox, ASLR and DEP,” the company said in its advisory.

The bypass works on Windows systems and relies on zero-day vulnerabilities. The company said the attack can be pulled off without exploiting a Windows kernel vulnerability.

The company said it would not publicly disclose the exploit code or technical details of the underlying vulnerabilities. The company issued an accompanying video as proof that the browser vulnerability was exploited.

A Google spokesperson told Brian Krebs of KrebsOnSecurity that the company’s engineering team was unable to verify VUPEN’s claims, because VUPEN hadn’t shared any information about their findings. If the vulnerability is verified, Google will issue an automatic update to the browser.

Weaknesses in ASLR and DEP have surfaced in the past at the TippingPoint Pwn2Own contest. Microsoft, which uses the technology, said a successful attack typically takes extremely sophisticated measures, including multiple zero-day vulnerabilities.

Sandboxing technology is seen as an added layer of defense for applications that are commonly targeted by attackers. Adobe Systems Inc. developed Adobe Reader X, which uses a sandbox to thwart attacks. A researcher bypassed a similar sandboxing feature used in Adobe Flash Player. The company has acknowledged that sandboxing is not a silver bullet approach, but an added security layer that can deter many attackers.
