THE SECURITY FIRM that won a prize for hacking into Safari during the Pwn2Own contest in March, Vupen, says it has broken into Google Chrome by taking advantage of a zero-day vulnerability.
Google Chrome escaped getting hacked during the contest, but Vupen seems to have been hard at work since then creating a seriously effective exploit that bypasses all of Google Chrome's security features, including ASLR, DEP and the sandbox. It doesn't exploit any vulnerabilities in Windows, but the hack does work on Google Chrome running on all Windows systems.
In a video, Vupen showed the exploit in action, tricking a Windows 7 user into visiting a booby-trapped webpage that hosts the exploit. Once that happens, the payload can be remotely executed from a location outside the sandbox.
Vupen's vulnerability research team bragged, "While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any default installation of Chrome despite its sandbox, ASLR and DEP."
Google gives the biggest financial bounty rewards for bugs that affect its sandbox, but Vupen is keeping details of the vulnerability exclusively for its government customers, which might be happy to pay large amounts of cash for an exploit they can use for the 'offensive missions' described on the firm's web site.
UPDATE
In tweets since the announcement, Google engineers have claimed it was actually a Flash bug that Vupen took advantage of, rather than the sandbox exploit the firm originally claimed. It is still a legitimate attack against Chrome, though. µ
There's a reason why Richard Stallman uses wget and only opens up Xwindows to see pictures...
In fairness, you could have made that video look legit with a multimedia keyboard such as the Microsoft Ergo 4000 or something like that which has a hotkey for Calc.
Or any decent macro recording software for that matter, although you would probably see it in the process list.