Just when you thought you were safe from news of another potential security threat, here is one that is pretty alarming. Google Chrome has survived assaults at the Pwn2Own contest for the last three years, that is, until now. That changed thanks to French security firm VUPEN, which has officially “Pwned” Google Chrome and its protective sandbox measures, all without even touching the Windows OS kernel. The exploit works on all Windows systems as long as they are running the latest versions of Chrome. Scary indeed.
In the video, a web page is loaded displaying just a text message – “Your browser is being Pwned!” – and after a few seconds of inactivity (and without a visible crash in Chrome), the Windows Calculator application runs. According to the VUPEN write-up, the calculator executable was downloaded and executed, leaving it up to the imagination that other programs can be downloaded and run through Chrome.
At Pwn2Own in March this year, VUPEN successfully attacked Safari in much the same way. A specially crafted web page was loaded and several seconds later, the Mac OS X calculator application was launched and a file was written to the hard drive to demonstrate that the Sandbox had been compromised.