Skip to main content

Vupen conquers Chrome at ‘Pwn2Own’ security conference

Avatar for Élyse Betters  | Mar 7 2012 - 7:35 pm PT
2 Comments

[youtube=http://youtu.be/c8cQ0yU89sk]

French hackers took down Chrome at the 2012 CanSecWest “Pwn2Own” hacker contest without even a blink of an eye.

Google’s browser stood the test at last year’ event, but it was the first to topple this time around. The victorious winner? Vupen.

According to ZDNet, Vupen is a French supplier of exploits and vulnerabilities to government clients.

Headlines after the previous contest claimed Chrome was unbreakable and such news infuriated Vupen, so its cofounder Chaouki Bekrar set to prove the world otherwise. His team quickly targeted the indestructible browser and worked for about six weeks to find vulnerabilities.

“We had to use two vulnerabilities. The first one was to bypass DEP and ASLR on Windows and a second one to break out of the Chrome sandbox,” explained Bekrar in an interview.

More information is available below.

Vupen released a video (as seen above) of a successful Chrome sandbox escape conducted last year, but Google claimed it unfairly exploited third-party code. With that said, Bekrar refused to mention whether this year’s hack combated a third-party code in the browser:

“It was a use-after-free vulnerability in the default installation of Chrome. Our exploit worked against the default installation, so it really doesn’t matter if it’s third-party code anyway.”

Bekrar explained that Vupen created a website ploy during the contest with written exploits. After the target visited the team’s deceptive page, Vupen’s exploit opened the Calculator app outside of the sandbox.

“There was no user interaction, no extra clicks. Visit the site, popped the box,” Bekrar added.

Vupen plans to sell the rights to one of the vulnerabilities, but the company is keeping the sandbox escape for its customers. Despite the seamless job, Bekrar contended that Chrome sandbox is still the most secure browser available.

“It’s not an easy task to create a full exploit to bypass all the protections in the sandbox…This just shows that any browser, or any software, can be hacked if there is enough motivation and skill,” Bekrar said.

The hack earned Vupen 32 points under the competition’s new format.

Add 9to5Google to your Google News feed. 

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Google on YouTube for more news:

Comments

Guides

Google Corporate

Author

Avatar for Élyse Betters Élyse Betters