"We are (un)happy to announce that we have officially Pwnd Google Chrome and its sandbox", says the company in its latest security blog, adding that the company has posted a YouTube video to highlight its methodologies.
The exploit shown in the video, says Vupen, is one of the most sophisticated codes yet seen, since it bypasses all of Chrome’s security features, including ASLR/DEP/Sandbox.
"It is silent - i.e. no crash after executing the payload - and relies on undisclosed (zero-day) vulnerabilities discovered by Vupen and it works on all Windows systems (32-bit and x64)", notes the company
According to Vupen, the YouTube video shows the exploit in action with Google Chrome v11.0.696.65 on Microsoft Windows 7 SP1 (x64).
"The user is tricked into visiting a specially crafted web page hosting the exploit which will execute various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox at medium integrity level", says the firm's blog posting, adding that the Calculator can be replaced by any other payload.
Whilst Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, Vupen says it has revealed a reliable way to execute arbitrary code on any installation of Chrome, despite its sandbox, ASLR and DEP.
The good news, if your company's name starts with `Goo' and end with `gle' is that Vupen says ut has no plans to reveal the code methodology of its crack, or the underlying vulnerabilities.
They are, says the company, "being shared exclusively with our government customers as part of our vulnerability research services."