It has been a field day for a group of French hackers at the ongoing Pwn2Own competition in Canada, reports ZDNet. The annual competition invites ethical hackers from around the world to attempt to break into the most popular web browsers, exposing vulnerabilities and loopholes in the browsers' security in the process and grabbing a handsome reward for doing so. At this year's competition, Vupen co-founder and head of research Chaouki Bekrar and his team broke into Google Chrome in under five minutes, putting an end to talk of the browser being unhackable. They used "a pair of zero-day vulnerabilities to take complete control of a fully patched 64-bit Windows 7 (SP1) machine." For the successful break-in, Vupen has won itself 32 points.
Gone in 300 seconds!
Vupen, whose team cracked open Chrome's security, is according to the report "the controversial company that sells vulnerabilities and exploits to government customers." This year their attack on Chrome was deliberate: they wanted to show users that no software is foolproof "if the hackers have enough motivation to prepare and launch an attack." At last year's competition Chrome had emerged unscathed. This time, however, the French firm got the better of it.
Reportedly, Bekrar and his team were constantly bombarded with headlines saying that Google Chrome was unbreakable and that no one could hack it. This, they say, became their biggest motivator, and they "wanted to make sure it was the first to fall this year." Quoting Bekrar, the report stated: "We had to use two vulnerabilities. The first one was to bypass DEP and ASLR on Windows and a second one to break out of the Chrome sandbox. It was a use-after-free vulnerability in the default installation of Chrome. Our exploit worked against the default installation so it really doesn't matter if it's third-party code anyway."
Describing the attack, Bekrar explained that he created a booby-trapped web page. As soon as the "target machine" visited the page, "the exploit ran and opened the Calculator (calc.exe) app outside of the sandbox." In a nutshell, Bekrar was quoted as saying, "There was no user interaction, no extra clicks. Visit the site, popped the box." The company now plans to sell the rights to one of the two zero-day vulnerabilities, but it will not be giving away the sandbox escape, which it intends to keep private for its own customers.
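The bug class Bekrar names above, a use-after-free, is worth seeing in miniature, because it explains why a renderer bug plus a sandbox escape is the shape of a full Chrome compromise. The following is an added illustration written for this page, not Vupen's exploit and not Chrome code: a toy two-slot allocator stands in for the browser heap so the behaviour is deterministic, and `Node`, `toy_alloc`, `toy_free` and the handler functions are all invented for the example. It shows a dangling pointer to a freed object whose slot is then reused by attacker-controlled data, so that an indirect call through the stale pointer runs the attacker's function, alongside the hardened variant that invalidates the alias when the object dies.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy allocator (constructed for this example): two fixed-size slots. A freed
 * slot is handed out again on the next same-size request, mirroring how real
 * heap freelists reuse chunks of one size class. */
enum { SLOT_SIZE = 32, SLOT_COUNT = 2 };
static union { unsigned char bytes[SLOT_SIZE]; void *align; } pool[SLOT_COUNT];
static int pool_used[SLOT_COUNT];

static void *toy_alloc(size_t n) {
    if (n > SLOT_SIZE) return NULL;
    for (int i = 0; i < SLOT_COUNT; i++) {
        if (!pool_used[i]) {
            pool_used[i] = 1;
            memset(pool[i].bytes, 0, SLOT_SIZE);
            return pool[i].bytes;
        }
    }
    return NULL;
}

static void toy_free(void *p) {
    for (int i = 0; i < SLOT_COUNT; i++)
        if (p == pool[i].bytes) pool_used[i] = 0;
}

/* A DOM-node-like object with an indirect call: the kind of target a
 * renderer use-after-free hands an attacker. */
typedef struct {
    void (*on_event)(void);
    int id;
} Node;

static int calls_to_benign;
static int calls_to_attacker;
static void benign_handler(void)   { calls_to_benign++; }
static void attacker_handler(void) { calls_to_attacker++; }

/* Vulnerable pattern: a second reference outlives the object it refers to.
 * Returns how many times the attacker's handler ran during this sequence. */
static int vulnerable_sequence(void) {
    int before = calls_to_attacker;
    Node *node = toy_alloc(sizeof(Node));
    node->on_event = benign_handler;
    node->id = 1;
    Node *cached = node;           /* alias kept elsewhere, e.g. a listener list */
    toy_free(node);                /* object destroyed; cached is now dangling */

    /* Attacker-controlled allocation of the same size lands in the freed slot. */
    unsigned char *spray = toy_alloc(sizeof(Node));
    Node fake = { attacker_handler, 0 };
    memcpy(spray, &fake, sizeof fake);

    cached->on_event();            /* stale pointer: attacker's function runs */
    toy_free(spray);
    return calls_to_attacker - before;
}

/* Hardened pattern: every alias is cleared when the object is destroyed, and
 * the call site checks before dereferencing. */
static int hardened_sequence(void) {
    int before = calls_to_attacker;
    Node *node = toy_alloc(sizeof(Node));
    node->on_event = benign_handler;
    node->id = 1;
    Node *cached = node;
    toy_free(node);
    cached = NULL;                 /* invalidate the alias with the object */

    unsigned char *spray = toy_alloc(sizeof(Node));
    Node fake = { attacker_handler, 0 };
    memcpy(spray, &fake, sizeof fake);

    if (cached) cached->on_event();   /* never reached: alias was cleared */
    toy_free(spray);
    return calls_to_attacker - before;
}

int main(void) {
    printf("vulnerable: attacker handler ran %d time(s)\n", vulnerable_sequence());
    printf("hardened:   attacker handler ran %d time(s)\n", hardened_sequence());
    return 0;
}
```

The point of the model is the reuse step: once the freed slot is refilled with attacker-chosen bytes, the stale `cached` pointer gives control over the next indirect call. In a real browser that control-flow hijack is what DEP and ASLR are meant to blunt, which is why Bekrar needed a separate bug to bypass them, and why the resulting code still runs inside the renderer sandbox until a second, unrelated bug lets it out.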
However, despite his victory over Chrome, Bekrar was full of praise for the popular browser. In his view, "the Chrome sandbox is the most secure sandbox out there. It's not an easy task to create a full exploit to bypass all the protections in the sandbox. I can say that Chrome is one of the most secure browsers available."
We wonder what Google has to say!