Google Chrome Gets Cracked: Researchers Find Browser Bugs
Security researchers have reportedly found several new bugs in Google Chrome that have allowed them to hack into the notoriously secure Web browser.
Researchers at the French firm VUPEN announced today that they exploited vulnerabilities to crack into the most recent version of Chrome 11 running on Windows 7. The hack, VUPEN said, works on all Windows systems.
In a proof-of-concept demonstration, researchers launched the Chrome attack by using a specially rigged Web page that, when visited, enabled the attackers to remotely "execute various payloads" on the target system.
The researchers used their exploit to trick the computer into downloading, installing and running a calculator application from a remote location. VUPEN said that this harmless demonstration payload "can be replaced by any other payload."
Perhaps most impressive, and ultimately alarming to Google, is that VUPEN's demonstration exploited Chrome's sandbox, a security feature designed to isolate computer attacks and prevent them from spreading.
The hack also bypassed the computer's Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP), two security features designed specifically to make it harder for an exploit to run arbitrary code.
Since its release, Chrome has been praised for its security and ease of use. At a recent security conference, Chrome stood unchallenged in a hacking contest despite Google's offer of $20,000 to anyone who could exploit it.
VUPEN's discovery and successful exploitation of the new Chrome flaws could potentially cause a shift in the way customers see the popular Web browser. Coupled with the fact that malware authors have recently begun devoting more malicious attention to Chrome, it will be interesting to see how Google addresses the issue, and whether or not loyal Chrome users will ultimately flock to new browsers.