Tuesday, May 10, 2011

VUPEN pwns Chrome

VUPEN Security claims to have pwned Google Chrome and has released a video purporting to prove that claim. This affects Chrome version 11.0.696.65 on Win7 SP1 64-bit. The code that VUPEN came up with bypasses ASLR, DEP and the sandbox. It is also silent, in that the browser does not crash after the payload executes. VUPEN claims it works on all Windows systems (x86 and x64). Chrome has survived the PWN2OWN contest for the past 3 yrs in a row.

Security, VUPEN style, means VUPEN does not disclose this vuln to Google. It will, however, provide it to its clients and customers, enabling them to protect themselves. This in effect means that Google may not have any way of verifying these claims any time soon.

This exploit is similar in nature to other browser exploits: Dude is tricked into visiting a webpage hosting the exploit; the exploit gets executed and then runs further payloads, ultimately downloading a malicious app from a remote location, and Dude is 0wned. The only difference here is that the malicious code somehow manages to run at medium integrity level. Duh!!! What are integrity levels? Look here for more details on this subject.