Security researchers claim they have managed to bypass the sandbox protection and exploit a PC through the Google Chrome browser. Vupen Security revealed that it has done what hackers and researchers have failed to do for three consecutive Pwn2Own contests--even when Google put up a $20,000 reward for a working exploit. However, there is growing speculation that the exploit used by Vupen may not actually circumvent the Chrome sandbox after all.
Vupen Security has a video clip demonstrating the attack. It circumvents the Chrome sandbox, as well as the DEP and ASLR security features in Windows, and exploits zero-day vulnerabilities discovered by Vupen to execute silently with no indication to the user. Vupen says the attack works on all Windows PCs--both 32 and 64-bit.
More: http://www.pcworld.com/businesscenter/article/227620/
Vupen Security has a video clip demonstrating the attack. It circumvents the Chrome sandbox, as well as the DEP and ASLR security features in Windows, and exploits zero-day vulnerabilities discovered by Vupen to execute silently with no indication to the user. Vupen says the attack works on all Windows PCs--both 32 and 64-bit.
More: http://www.pcworld.com/businesscenter/article/227620/