It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
(visit the link for the full news article)
We are (un)happy to announce that we have officially Pwned Google Chrome and its sandbox.
The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox (and without exploiting a Windows kernel vulnerability), it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64).....
......For security reasons, the exploit code and technical details of the underlying vulnerabilities
Originally posted by Chesster
Hackers who help any gov are lame and should be hacked out of existence. Original hacking was about freedom of information. Not helping big bro exploit us. They should release the information to everyone like every other hacker would do. Bunch of gov script kids.
That's a little scary.
Originally posted by Ahmose
If you're not using windows, (and google chrome) you're ok.
But if you are using windows with google chrome, you may want to think about going back to Firefox as your browser.
This doesn't sound like a consistently bad product with a poor security history to me.
While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years
February 2, 2011, 2:55pm PST
Google is offering a $20,000 cash prize for any hacker who can successfully compromise a Windows 7 machine via a vulnerability — and sandbox escape — in its Chrome web browser.
The prize is part of this year’s CanSecWest Pwn2Own contest, which will pit some of the world’s best security researchers and exploit writers against popular web browsers and mobile devices. During last year’s contest, Google Chrome was the only browser left standing but with the enhanced cash prize — and publicity that goes along with a successful Chrome netbook hack — there is a strong likelihood that someone will take aim at Chrome this year.
VUPEN released a video of the exploit in action to demonstrate a drive-by download attack that successfully launches the calculator app without any user action.
The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox (and without exploiting a Windows kernel vulnerability), it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64).
VUPEN, which sells vulnerability and exploit information to business and government customers, does not plan to provide technical details of the attack to anyone, including Google.
VUPEN made headlines in March this year when a team of its researchers hacked into Apple’s MacBook via a Safari vulnerability to win the CanSecWest PWN2Own contest.
Originally posted by Ahmose
Have you upgraded to FF4 yet?
Thanks for the post.
Originally posted by Amaryllis
No love for Opera?
I have to admit that Chrome is fast, and I'm using it right now.
I'm usually alternate between Opera and Chrome but, I guess I'll be going back to Opera.