New Chrome Exploit Bypasses Sandbox, ASLR and DEP

Trailrunner7 writes "Researchers at the French security firm VUPEN say they have discovered several new vulnerabilities in Google Chrome that enable them to bypass the browser's sandbox, as well as ASLR and DEP, and run arbitrary code on a vulnerable machine. The company said they are not going to disclose the details of the bugs right now, but they have shared information with some of their government customers. The vulnerabilities are present in the latest version of Chrome running on Windows 7, VUPEN said."

Re:Disclosure policy

[Rockoon]

Browsers such as Chrome contain memory allocations that avoid DEP by using VirtualProtectEx() [microsoft.com] as it is pretty much a requirement of JIT compilation.

Blaming Microsoft in this case is extremely premature, since we know that Chrome does in fact disable some protections intentionally.

Re:And..

[icebraining]

Chrome's sandbox is Windows' sandbox [chromium.org], so that's perfectly possible.

How the exploit will be used

[Hmmm2000]

To me the most troubling part of this issue is what VUPEN does ... from their web site -- "Exclusive and sophisticated exploits for Law Enforcement Agencies". So, the reason the exploit is not being made public is so that Government agencies can use these exploits to install keyloggers or whatever they choose on whatever computer they which to target and monitor.