Participants in the annual Pwn2Own hacking competition have finally succeeded in piercing Chrome with attack code that defeats the browser's key defence mechanisms. By Anne Lykke, Tuesday, May 10, 2011 - 13:17
These include ASLR (address space layout randomization), DEP (data execution prevention) and a sandbox designed to isolate the browser's functions from operations in the underlying operating system, writes The Register.
It is a significant achievement that whitehat hackers have finally found an exploitable vulnerability in Chrome: over the last three years Chrome has gone untouched at the Pwn2Own competition. The group that found the vulnerability is called VUPEN and is based in France.
"Chrome has one of the most secure sandboxes and has survived the Pwn2Own contest over the last three years, but we have now uncovered a reliable way to execute arbitrary code on all installations of Chrome despite its sandbox, ASLR and DEP," write the developers from the French group VUPEN Security on their blog.
"The first [vulnerability] results in a memory corruption, and the exploitation of this leads to a bypass of ASLR/DEP and execution of the first payload with a low integrity level (inside the sandbox). The second payload is then used to exploit another vulnerability that allows the sandbox to be bypassed and the final payload to be executed with a medium integrity level (outside the sandbox)."
VUPEN's developers have made a video of the attack against the latest version of Chrome running on 64-bit Windows 7. When the browser loads a web page crafted specifically for the purpose, the developers can make it download and run a calculator application without crashing or showing any other sign that something is wrong.
Neither Google nor the public is being given anything specific about the code. This despite Google having paid out more than $150,000 through its bug bounty program, which pays up to $3,133 for reports of security bugs.
According to Robert Watson's "Capsicum" paper, Google needed 22,350 lines of code to implement sandboxing on Windows. Number 2 on the list is Linux with 605 lines of code, followed by Mac OS X with 560 lines of code.
If they actually had a hole and planned to sell it on the black market, it would be quite foolish to publish their discovery; I certainly find it hard to imagine a potential buyer of such a hole being interested in anything other than discretion.
On the other hand, it makes quite good sense for a so-called security company that lacks customers to publish a wild story about its own abilities. Whether it is true may well not matter, as long as it brings publicity.
Exactly. So the fault must surely lie in Windows and not in Chrome?!
If Windows had the same "jailing" features as Unix and similar OSes, there would not have been a case here. Just that it took over 22,000 lines of code to build a sandbox probably says something about the OS's shortcomings, when alternative OSes require less than 1000 lines.
I think it is little wonder that the company will not tell Google anything about the bug so that the hole can be closed. They will only tell their "customers" from governments... So nobody knows anything about the case beyond the claim that there really is a hole, and I wonder whether most governments are fairly indifferent?
That is a bit of rubbish. ASLR and DEP are systems that make it harder to exploit an existing vulnerability. In the former case because all the interesting things are at random addresses (so it is difficult to predict where they are and thus hard to hard-code them into an exploit), while DEP makes it harder to execute code from data areas. But note that both technologies are a "second line of defence". First, they only come into play if there are already errors in the application (i.e. Chrome), and second, they are not 100% effective - ASLR is actually just "security by obscurity". It is nevertheless very useful, as it can be very difficult, sometimes impossible, to exploit a "banal security hole" if the process is running with ASLR enabled. But blaming Microsoft for a bypass of ASLR is wrong - the fault lies in Chrome, and unfortunately it was of such a nature that ASLR did not help.
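As an added illustration of the DEP point made in the comment above (example code written for this page, not from the article, VUPEN or any commenter), the following Linux C program copies a few bytes of machine code into an ordinary read/write data page and tries to call them. The CPU refuses to fetch instructions from a page without PROT_EXEC, which is exactly the fault DEP/NX relies on; only after the page is remapped executable does the call succeed. Assumptions: Linux on x86-64 or aarch64, gcc or clang; the stub bytes and the function names (`try_execute`, `demo_dep`) are constructed for this example.

```c
/* Added example: what DEP/NX enforces. Not from the article or VUPEN.
 * Assumes Linux on x86-64 or aarch64 and a gcc/clang toolchain. */
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Constructed machine code for "return 42" (architecture specific). */
#if defined(__x86_64__)
static const unsigned char kStub[] = { 0xb8, 0x2a, 0x00, 0x00, 0x00,   /* mov eax, 42 */
                                       0xc3 };                         /* ret         */
#elif defined(__aarch64__)
static const unsigned char kStub[] = { 0x40, 0x05, 0x80, 0x52,         /* mov w0, #42 */
                                       0xc0, 0x03, 0x5f, 0xd6 };       /* ret         */
#else
#error "example supports x86-64 and aarch64 only"
#endif

static sigjmp_buf g_recover;

/* The faulting call never completes; unwind back to try_execute(). */
static void on_segv(int sig) {
    (void)sig;
    siglongjmp(g_recover, 1);
}

/* Call into `page` as if it were a function. Returns the stub's result,
 * or -1 if the CPU refused to execute from the page (the NX fault). */
static int try_execute(void *page) {
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_segv;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;
    sigaction(SIGSEGV, &sa, &old);

    volatile int result = -1;            /* volatile: survives the siglongjmp */
    if (sigsetjmp(g_recover, 1) == 0) {
        int (*fn)(void) = (int (*)(void))page;
        result = fn();
    }
    sigaction(SIGSEGV, &old, NULL);
    return result;
}

/* Allocate a writable data page, copy the stub in, and attempt to run it
 * before and after granting PROT_EXEC. Returns 1 when DEP behaved as the
 * comment describes: blocked while the page is data, allowed once it is code. */
int demo_dep(void) {
    size_t psz = (size_t)sysconf(_SC_PAGESIZE);
    void *page = mmap(NULL, psz, PROT_READ | PROT_WRITE,
                      MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return 0;
    memcpy(page, kStub, sizeof kStub);

    int blocked = try_execute(page);     /* RW data page: expect -1 */

    if (mprotect(page, psz, PROT_READ | PROT_EXEC) != 0) {
        munmap(page, psz);
        return 0;
    }
    __builtin___clear_cache((char *)page, (char *)page + sizeof kStub);
    int allowed = try_execute(page);     /* now executable: expect 42 */

    munmap(page, psz);
    printf("execute from RW data page: %s; after mprotect(PROT_EXEC): %d\n",
           blocked == -1 ? "blocked (SIGSEGV)" : "ALLOWED", allowed);
    return blocked == -1 && allowed == 42;
}

int main(void) { return demo_dep() ? 0 : 1; }
```

Build with `cc -O2 dep_demo.c -o dep_demo` and run it; the first call faults and the second returns 42. This is the whole reason a "DEP bypass" is a step of its own in the two-stage chain the article quotes: an attacker who has only written a payload into a data area cannot call it directly, and must first reach code that is already executable (for instance to change the page's protection), which in turn is what ASLR tries to make hard to locate.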
"Last year, VUPEN changed its vulnerability disclosure policies when it announced it would no longer report bugs to vendors - as many researchers do - but instead would reveal its work only to paying customers."
Is that really the right way to see the matter? Whether the fault lies in Chrome or in its plug-in architecture (since a plug-in can bypass the sandbox) is a matter for the users. For them, the only conclusion after all this is that the sandbox in Chrome does not provide the "full security" that Google would normally claim.
Yes, and if you think about it, that brings Chrome's real sandbox (on Windows) to 22000