
Hacker-Proof No More; Zero-Day Exploits In Google Chrome Browser Discovered


After enjoying 3 decades of ‘hacker-proof status’ and staying unhacked through the last three Pwn2Own hacking competitions, Google Chrome, one of the most secure web browsers available today, has finally been hacked, according to claims by Vupen, a French security company.

So if you are a Google Chrome fan and enjoyed it as a browser that cannot be hacked (thanks to Chrome’s built-in sandboxing approach, which is key to the browser’s core protection from hacking attacks), then rejoice no more: the Google Chrome browser has now been hacked and cracked!

This attack code is designed to pierce key defenses built into Google’s Chrome browser, allowing the hackers to reliably execute malware on end user machines.

The security firm said that the attack required sophisticated attack code and breaks through Chrome without exploiting a Windows kernel vulnerability. It released video proof showing that it is possible to force the browser to download and run a calculator application without the browser crashing or the computer showing any sign that something is happening. In a real-world attack, the calculator would be replaced with a hacker-made payload (a malicious program).

The exploit apparently works with “default” Chrome installations on all 32-bit and 64-bit Windows systems. The tested Chrome version was 11.0.696.65.

Google said it was unable to confirm Vupen’s claims. “The exploit … is one of the most sophisticated codes we have seen and created so far, as it bypasses all security features including ASLR/DEP/Sandbox,” said Vupen in a blog post Monday. “It is silent (no crash after executing the payload), it relies on undisclosed (‘zero-day’) vulnerabilities and it works on all Windows systems.”

VUPEN Pwned Google Chrome Sandbox Bypass [Video]

The video shows the latest version of Chrome running on a 64-bit version of Windows 7. By loading the address of a specially designed website, the researchers are able to force the browser to download and run a calculator application without crashing or showing any other sign of anything fishy.

And evidently it is not just Google Chrome’s security that has been exposed by this hack. The Vupen attack code also bypassed Windows 7’s ASLR (address space layout randomization) and DEP (data execution prevention), two other security technologies meant to make hackers’ jobs tougher.

“This code and the technical details of the underlying vulnerabilities will not be publicly disclosed,” said Vupen. “They are shared exclusively with our Government customers as part of our vulnerability research services.”

But even though Vupen has refused to reveal to the public or to Google what the holes are, hopefully Google will fix the vulnerabilities soon, before other hackers catch wind of the exploit and start making use of it.


Author: (Articles written: 128)

Asha is a 20-something Technology Queen, IT professional, part-time Blogger and Social Media bee. She is a passionate Techno-enthusiast and Internet junkie who loves to write on Online Security, Social Networking (especially Facebook), Gadgets, Smartphones, Technology and SEO. She has been a co-creator of TechChunks.com since the site's inception and writes here frequently.


9 Responses to " Hacker-Proof No More; Zero-Day Exploits In Google Chrome Browser Discovered "

  1. It had to happen some day, but we have to remember that even if it’s breakable, Chrome is still the most secure browser.

  2. Umair says:

    Great job. The thing to notice is the fact that it took three years to hack the browser.

    • TechChunks says:

      True. But now that it has been hacked in the worst possible way (the very core of Chrome’s security shield — the sandbox — has been exposed), time will tell what awaits ahead when hackers start attempting all sorts of nasty attacks!

  3. Now this hack really needs to be recognized by Google. Good job by Vupen.

  4. It is rightly said: “Security is there, but for how long???” Nothing is secure on the web and Chrome is no exception. But, fixing such exploits helps in reducing such risks.

  5. Nihar says:

    I guess there is no foolproof system which can’t be sabotaged.

    Finally the day came for the Google Chrome browser.

  6. Hackers are getting smarter each day and soon they will be able to hack almost everything. This means that people should be more aware of their systems. It seems like nothing is totally secure now.
