Windows Google Chrome PWNED on Windows 7, exploit leaps over sandbox/ASLR/DEP - Techist - Tech Forum

#1  05-10-2011, 08:57 AM
KSoD (Call me Mak or K; Mod Emeritus; Join Date: Sep 2004; Location: C:\; Posts: 35,647)
Google Chrome PWNED on Windows 7, exploit leaps over sandbox/ASLR/DEP

If you’ve been using Google Chrome and feeling smug that your browser is immune to being attacked, think again.

Here’s an interesting hack attack on the browser that not only bypasses the Google Chrome sandbox, but also Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) on Windows 7 SP1.

All that is required is to trick a user into visiting a specially crafted web page hosting the exploit, and a number of payloads will be executed silently with no user interaction.

Here’s a video that shows the sophisticated exploit in action:

[embedded video]
Scary stuff, not just because it bypasses the Chrome sandbox, but because it walks through two Windows defense systems to do so.

It’s obvious that there are a number of zero-day vulnerabilities at work here.

More details over on VUPEN.

Source
__________________
I do not accept support questions via EMail, PM, IM or my G+ page!

Phone: LG Optimus G Pro
Running: Stock JB from LG with Nova Launcher
#2  05-10-2011, 09:38 AM
PP Mguire (Build Guru; Join Date: Dec 2004; Location: Fort Worth, Texas; Posts: 28,280)
Re: Google Chrome PWNED on Windows 7, exploit leaps over sandbox/ASLR/DEP

This is why I don't care about Windows updates, nor browser security. Also the only reason why I browse less than 10 sites every day.
__________________
"Resolution is just a number." #Ubisoft
Origin/Steam = PP_Mguire Twitch = pp_mguire Instagram = ppmguire PSN = PP_Mguire

Access to my Plex PM me.
#3  05-10-2011, 10:22 AM
KSoD (Call me Mak or K; Mod Emeritus; Join Date: Sep 2004; Location: C:\; Posts: 35,647)

Can I ask what a flaw in Google Chrome has to do with Windows Updates?

The site is designed to get around 2 aspects of Windows, yes, but only by exploiting a flaw in Chrome first. You don't see this exploit working to bypass ASLR or DEP being used in any other browser. Which means that this flaw comes from Chrome, not Windows.

You want to be insecure online, that is your choice. But this is not a flaw with Windows itself. It specifically is due to Chrome.
#4  05-10-2011, 01:01 PM
PP Mguire (Build Guru; Join Date: Dec 2004; Location: Fort Worth, Texas; Posts: 28,280)
Re: Google Chrome PWNED on Windows 7, exploit leaps over sandbox/ASLR/DEP

The fact that the flaws are there, and still bypass part of Windows is where my point lies with updates. There is no point for ME to download 100s of megabytes for updates to an OS when simple flaws in a browser can still breach security. Bottom line, if it can be done with Chrome (these security flaws in Windows that is) then it can be done period.
#5  05-10-2011, 06:22 PM
Kharn (Lord Techie; Join Date: Feb 2007; Posts: 7,638)
Re: Google Chrome PWNED on Windows 7, exploit leaps over sandbox/ASLR/DEP

I can see the big G patching this ASAP, but I have been seeing a number of drive-bys on one of my collector VMs running Chrome. Haven't checked them yet, but this is a nice bubble to see burst.

Nothing is secure, nothing, unless you take the machine off the network, bury it in concrete and steel, then throw it into a volcano... even then, expect to see an exploit using a particle accelerator and a supersonic carrier pigeon.
__________________
Visit this and do something for the world!
www.hackersforcharity.org

Want to do even more? Take a look here and join the fight on human trafficking.

Hear and you forget, see and you remember, do and you understand.
#6  05-10-2011, 09:54 PM
KSoD (Call me Mak or K; Mod Emeritus; Join Date: Sep 2004; Location: C:\; Posts: 35,647)
Re: Google Chrome PWNED on Windows 7, exploit leaps over sandbox/ASLR/DEP

[UPDATE: VUPEN now says that this exploit does not rely on a Windows kernel exploit, so ASLR and DEP are secure.

I have no more information on the exploit here than what's given. I'm assuming that multiple exploits are needed to get past the three layers of defense since it's hard to imagine a single zero-day bypassing the sandbox, ASLR and DEP (although I suppose it could happen).

I have approached Vupen with some questions and will keep you updated.]

[UPDATE 2: There's a fair bit of hyperventilation going on in the TalkBack sections about who or what is to blame here. Is it a Google issue? Is it Microsoft? There are also claims that I'm 'picking' on one multi-billion dollar corporation or another.

Sheesh.

I know as much as you know here, which isn't very much. VUPEN say that this:

- Is a Google Chrome vulnerability
- It does not rely on a Windows kernel vulnerability
- It works on all Windows systems (including 32-bit and 64-bit)
- Relies on undisclosed zero-day vulnerabilities
- Sandbox, ASLR and DEP are bypassed

Given that VUPEN now clearly say that this doesn't rely on a Windows exploit, it's both safe and fair to say that this is a Google problem. And given that this exploit isn't in the wild, there's no need for a Chicken Little reaction.

This isn't about the merits of Windows vs. Mac vs. Linux, or who's to blame, or pledging allegiance to one multi-billion dollar corporation or another. It's about keeping end users safe.
#7  05-11-2011, 12:54 AM
aikbix (True Techie; Join Date: Apr 2011; Location: Somewhere; Posts: 174)
Re: Google Chrome PWNED on Windows 7, exploit leaps over sandbox/ASLR/DEP

Quote: Originally Posted by PP Mguire
> The fact that the flaws are there, and still bypass part of Windows is where my point lies with updates. There is no point for ME to download 100s of megabytes for updates to an OS when simple flaws in a browser can still breach security. Bottom line, if it can be done with Chrome (these security flaws in Windows that is) then it can be done period.

It's not inherently harmful either. You may be at an advantage when it comes to inexperienced hackers who most likely have no knowledge of zero-day exploits or outdated websites which use old methods of exploitation. I would tend to think that this is probably the majority of most anything you have to worry about. But let's be honest here, what is the overall probability of your machine in particular being exploited by a zero-day exploit if you're an experienced user? I guess your level of security would ultimately be relative to the primary purpose of your machine.
#8  05-11-2011, 07:59 AM
Kharn (Lord Techie; Join Date: Feb 2007; Posts: 7,638)
Re: Google Chrome PWNED on Windows 7, exploit leaps over sandbox/ASLR/DEP

Quote: Originally Posted by aikbix
> It's not inherently harmful either. You may be at an advantage when it comes to inexperienced hackers who most likely have no knowledge of zero-day exploits or outdated websites which use old methods of exploitation. I would tend to think that this is probably the majority of most anything you have to worry about. But let's be honest here, what is the overall probability of your machine in particular being exploited by a zero-day exploit if you're an experienced user? I guess your level of security would ultimately be relative to the primary purpose of your machine.

Umm, TJX ring a bell?
Copyright 2002- Social Knowledge, LLC All Rights Reserved.
