
Exploits Chrome zero-day to hack browser, escape sandbox and ASLR/DEP






"The exploit ... is one of the most sophisticated codes we have seen and created so far, as it bypasses all security features including ASLR/DEP/Sandbox," said Vupen in a blog post Monday. "It is silent (no crash after executing the payload), it relies on undisclosed ('zero-day') vulnerabilities and it works on all Windows systems."

In the video you will see the Windows calculator, since that was the shellcode used. Any shellcode can be used, for example a command line, and then "OWNED".

A video demonstration on YouTube.



Every year we tune in to the CanSecWest conference and watch the Pwn2Own challenge commence. The first day usually sees Internet Explorer, Firefox and Safari fall. The browser conspicuously missing from that list is Google Chrome, because its sandbox and the other mitigations it ships with have made it very tough to crack.

In fact, Chrome relies on three security measures that together make it very difficult to exploit: Address Space Layout Randomization (ASLR), Data Execution Prevention (DEP), and the one most often mentioned, the sandbox.

ASLR randomizes where the executable, its libraries, the heap and the stack are mapped each time a process starts, so an attacker cannot count on code or data sitting at a fixed address; exploits that need a known address become unreliable or impossible unless the attacker also has a separate information leak. DEP marks memory that holds data (stack, heap) as non-executable, so the classic technique of injecting shellcode into a buffer and jumping to it no longer works; attackers must instead reuse code that is already executable in the process (return-oriented programming), which is exactly what ASLR is meant to make hard. Finally there is the sandbox: each renderer process in Chrome (roughly, each tab) runs with a stripped-down security token and restricted access to the rest of the system, so compromising the renderer on its own is not enough to touch the machine; a second, separate flaw is needed to break out of it.
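DEP's effect is easy to reproduce outside the browser. The C program below is added here as an illustration; it is not code from VUPEN, Google or the article. It writes the same few bytes of machine code (the equivalent of `int f(void) { return 42; }`) into a fresh memory page and calls them twice: once with the page mapped executable, once mapped as ordinary read/write data. With NX enabled the second call faults, and the program catches that fault instead of crashing. It assumes Linux (or another POSIX system with `mmap` and `sigaction`), an x86 or AArch64 CPU with NX support, and gcc or clang; the byte strings are constructed for this example. The Windows equivalent of the two mappings is `VirtualAlloc` with `PAGE_EXECUTE_READWRITE` versus `PAGE_READWRITE`.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Machine code equivalent to `int f(void) { return 42; }`.
 * Constructed for this example; the encoding depends on the build target. */
#if defined(__x86_64__) || defined(__i386__)
static const unsigned char code[] = {
    0xb8, 0x2a, 0x00, 0x00, 0x00,   /* mov eax, 42 */
    0xc3                            /* ret         */
};
#elif defined(__aarch64__)
static const unsigned char code[] = {
    0x40, 0x05, 0x80, 0x52,         /* mov w0, #42 */
    0xc0, 0x03, 0x5f, 0xd6          /* ret         */
};
#else
#error "no code bytes prepared for this architecture"
#endif

static sigjmp_buf recover;

/* An instruction fetch from a non-executable page is reported as a fault;
 * jump back to run_from_page() instead of letting the process die. */
static void on_fault(int sig) {
    (void)sig;
    siglongjmp(recover, 1);
}

/* Copy `code` into a new anonymous page and try to call it.
 *   executable != 0 : page is RWX, the call runs and returns 42.
 *   executable == 0 : page is RW (data only); NX blocks the fetch,
 *                     the fault is caught and -1 is returned.
 *   -2 means the mapping itself was refused. */
int run_from_page(int executable) {
    long page = sysconf(_SC_PAGESIZE);
    int prot = PROT_READ | PROT_WRITE | (executable ? PROT_EXEC : 0);
    unsigned char *buf = mmap(NULL, (size_t)page, prot,
                              MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (buf == MAP_FAILED)
        return -2;
    memcpy(buf, code, sizeof code);
    /* Needed on architectures with separate instruction caches (AArch64). */
    __builtin___clear_cache((char *)buf, (char *)buf + sizeof code);

    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    int result;
    if (sigsetjmp(recover, 1) == 0) {
        int (*fn)(void) = (int (*)(void))(void *)buf;
        result = fn();          /* only reached if the page is executable */
    } else {
        result = -1;            /* faulted: DEP/NX refused to run data */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(buf, (size_t)page);
    return result;
}

int main(void) {
    printf("executable page: %d\n", run_from_page(1));
    printf("data page:       %d\n", run_from_page(0));
    return 0;
}
```

The second result is the whole point of DEP: the bytes are identical, only the page permission differs, so an attacker who can write shellcode into a buffer still cannot run it. That pushes exploitation toward reusing code that is already executable, which is why DEP is only as strong as the ASLR that hides that code's addresses.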

Tough as all those measures sound and indeed are, Chrome has had its sandbox compromised this week by security company VUPEN. The video above shows the hack using a sophisticated zero-day exploit that manages to run arbitrary code through the browser. Most importantly, it bypasses the sandbox, ASLR, and DEP security measures.

The exploit works on both 32-bit and 64-bit Windows systems and executes silently, meaning it can be used without the browser or the system crashing. For it to work, a user would only have to visit a website crafted to take advantage of the vulnerabilities.

As it relies on new zero-day vulnerabilities VUPEN has discovered, it would work against the most recent version of Chrome that most end users are running. For that to happen, however, VUPEN would need to make the exploit public, which it has no intention of doing. The only other way it could be used in the wild is if someone else has found the same or similar bugs. Let's hope not.




