When we talk about web browser security, we usually consider Google Chrome, with its advanced sandboxing, as one of the most secure browsers. Chrome has earned that reputation by being un-hackable for three years in the Pwn2Own contest.
Today VUPEN Security has come up with a "reliable way to execute arbitrary code on any installation of Chrome despite its sandbox, ASLR and DEP". According to them, the exploit does not crash the browse after the execution of the payload and works on both the 32-bit and 64-bit versions of Windows.
To demonstrate the exploit, VUPEN Security has made a video in which they have successfully launched the Calculator application by opening a specially crafted webpage in Chrome.
Understandably, VUPEN Security said that they will not publicly release the technical details of the exploit.
If you cannot see the embedded video, click here.
Related Posts by Tags: chrome, Google, Security