VUPEN, a French security research firm, claims to have broken out of Chrome's sandbox, bypassing ASLR and DEP along the way. VUPEN states that the exploit code will not be published and will be provided only to its government partners, so it is unclear whether the Chrome development team has been notified of the vulnerability details.
Their statement follows:
Hi everyone,
We are (un)happy to announce that we have officially Pwnd Google Chrome and its sandbox.
The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox, it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64).
The video shows the exploit in action with Google Chrome v11.0.696.65 on Microsoft Windows 7 SP1 (x64). The user is tricked into visiting a specially crafted web page hosting the exploit which will execute various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox at Medium integrity level.
While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any installation of Chrome despite its sandbox, ASLR and DEP.
This code and the technical details of the underlying vulnerabilities will not be publicly disclosed. They are shared exclusively with our Government customers as part of our vulnerability research services.
In short, the statement says that VUPEN has compromised Google's Chrome browser, bypassing every security mechanism in Chrome without relying on a vulnerability in the Windows kernel itself, and that the intrusion is completely silent. The statement also notes that, for security reasons, the exploit code and the technical details of the underlying vulnerabilities will not be publicly disclosed; they are shared only with government customers as part of VUPEN's vulnerability research services.
Original source: http://www.vupen.com/demos/VUPEN_Pwning_Chrome.php