New Chrome Exploit Bypasses Sandbox, ASLR and DEP 150
Trailrunner7 writes "Researchers at the French security firm VUPEN say they have discovered several new vulnerabilities in Google Chrome that enable them to bypass the browser's sandbox, as well as ASLR and DEP, and run arbitrary code on a vulnerable machine. The company said they are not going to disclose the details of the bugs right now, but they have shared information with some of their government customers. The vulnerabilities are present in the latest version of Chrome running on Windows 7, VUPEN said."
Re:Disclosure policy (Score:5, Interesting)
Blaming Microsoft in this case is extremely premature, since we know that Chrome does in fact disable some protections intentionally.
Re:And.. (Score:3, Interesting)
Chrome's sandbox is Windows' sandbox [chromium.org], so that's perfectly possible.
How the exploit will be used (Score:5, Interesting)