Hacking competition: Google Chrome falls
As a side event to the CanSecWest security conference, the Pwnium and Pwn2Own hacking competitions have this year seen Google Chrome fall victim to a flaw.
Google Chrome finally gave out to repeated attacks. In previous years – mostly due to a lack of participants willing to take the browser on – Google’s browser managed to come out of Pwn2Own’s hacking competition without failing. This isn’t the case this year.
French hacking group VUPEN prepared their attack with 0-day flaws up their sleeve for the four browsers in competition: Google Chrome, Internet Explorer, Firefox and Safari. They decided to start their attacks against Google Chrome though to demonstrate that no browser is unbreakable.
By viewing a hijacked web page, and without user interaction, two flaws were exploited allowing them to take control of the computer using the Windows 7 (64-bit) operating system. One fault allowed them to bypass Windows DEP and ASLR protection, while the other to break Google Chrome’s sandbox.
ASLR helps prevent attackers from gaining access to known memory addresses which can be used in memory buffer overflows, while DEP helps fight off attacks by preventing malicious code from being executed in the non-executable memory space. As for Google’s sandbox, it appears that the protection implemented into the browser which isolates it from the OS is shared by Germany’s Federal office of computer technologies security.
Last year, VUPEN stated that they had developed an exploit capable of bypassing Google Chrome’s sandbox. This hole is now a subject of controversy as Google believes that in reality the exploit partly calls on a vulnerability in third party code belonging to the Flash Player plug-in (integrated by default).
On ZDNet, Chaouki Bekrar - co-founder of VUPEN and security researcher – refused to say whether the exploit seen at Pwn2Own targeted third party code in the browser. "Our exploit worked against the default installation so it really doesn’t matter if it’s third-party code anyway". This should remove any doubt about the validity of the hack, especially since VUPEN will only reveal the vulnerability linked to the sandbox to their clients.
According to Chaouki Bekrar, Google Chrome nevertheless remains one of the safest browsers available with highly robust sandbox protection.
Google prefers Pwnium
This year, Google decided not to support the Pwn2Own competition which authorises participating contestants to attack systems without having to reveal the full process of their exploits to affected editors if they don’t want to. Google instead sponsored an alternative competition, Pwnium, providing up to a million de dollars in prizes.
At Pwnium, a Russian student managed to hack a Windows 7 computer (64-bit) via remote execution code and an attack which played on Google Chrome’s sandbox. For demonstrating this fault he takes away a 60 000 dollar prize. Sergey Glazunov is frequently credited with finding flaws in Google Chrome, with his name often appearing in Google’s rewards program.
The exploit was judged very impressive by a member of Chrome’s security team. He added that if the exploit was specific to Google Chrome and could completely bypass the sandbox, it didn't break out of the sandbox but it avoided the sandbox.
This time, Google will be able to provide an update to Google Chrome, with it to be made available as soon as possible.
|Previous news||Next news|
|LulzSec: Sabu betrayed his fellow hackers||Windows 8: changes for IE10|