0-Day exploit bypasses Chrome sandbox

Discussion in 'Security and Anti-Virus Software' started by Hungry Man, May 9, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man
    The exploit bypasses DEP and the sandbox via buffer overflow. It doesn't affect Chrome beta or above.

    https://threatpost.com/en_us/blogs/researchers-say-new-bugs-can-bypass-google-chrome-sandbox-050911

    I wonder if this'll be addressed in tomorrow's Patch Tuesday.

    This is significant because Chrome's sandbox has never been circumvented before.
     
  2. ikovac
    Uh, bad. But I guess some good HIPS could have caught it outside the Chrome sandbox? Or no?
     
  3. Hungry Man
    I don't know enough about it. I wouldn't really worry about this particular exploit since it's apparently really complicated and it's been found out by a security company and not a hacker.
     
  4. sarge_
    I would be VERY worried about this exploit.

    * "The exploit shown in this video is one of the most sophisticated codes we have seen" <- It's not their code, they found or acquired it, which means it is in the wild.
    * They are not releasing details about it, which means Chrome devs have no idea what's going on.
    * It is a perfect remote execution exploit bypassing ALL safeguards.

    Scary.
     
  5. Pirx
    It's not as if I hadn't been telling people for months now to forget about Chrome, and stick with IE. :frown:

    ;)
     
  6. sarge_
    I was horrified for a second or so. :D
     
  7. Hungry Man
    You misunderstand. Vupen found the exploit, it's not in the wild.

    They aren't releasing it... but I wouldn't say the devs have no clue. They know it's buffer overflow so it's not going to be some insane task to track it down.

    Including DEP, which means M$ could patch it as well.

    This is a single issue that you will likely never run into. This is not something to worry about unless you're a google employee.

    And Pirx, both Chrome and IE9 use the same exact security scheme except that:
    1) IE9 isn't on as quick of a release schedule. Monthly security updates? A new major version every year maybe? If we're even that lucky.
    2) It'll be targeted most of all as long as it's the default browser and holds majority.
    3) I don't believe it sandboxes flash, which is frankly a big security flaw if we're holding it up to Chrome.

    Both use sandboxing and both use low integrity. The one thing IE9 has is it's better at detecting malicious sites/downloads. Chrome beta (and maybe stable?) provides this but it's not as good yet from what I've read.
     
  8. sarge_
    They say "we have seen", not "we have developed". That's what's bugging me.
     
  9. Pirx
    Yeah, I know. See the smiley...

    Well, in a case like that Microsoft is known to release emergency patches quite quickly. Speaking of which, where is the patch for Chrome? So far my Chrome happily reports it's "up-to-date"... :rolleyes:

    Yep, true, that.
     
  10. Hungry Man
    Because you don't create exploits, you find them. They found one using an incredibly complex process using multiple bugs.

    I have all emotes turned off as a security feature! You never know what's hiding in .pngs =p

    Where's the update for DEP from M$? I'm sure it'll be patched soon... and even if it were never patched it's not a huge security flaw, it's just a single instance that's basically proved Chrome isn't invulnerable =p

    Hopefully this is the last time we see something like this for at least another three years haha
     