According to Justin Schuh, a member of the Chrome security team, Glazunov’s exploit was specific to Chrome and bypassed the browser sandbox entirely. “It didn’t break out of the sandbox [but] it avoided the sandbox,” Schuh said in an interview.
[url=https://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588]Pwn2Own 2012: Google Chrome browser sandbox first to fall[/url]
CanSecWest Pwnium: Google Chrome hacked with sandbox bypass
This is not the first time Vupen have defeated the Chrome sandbox; the first time was in May last year.
Will Vupen reveal their exploit to Google (and Microsoft, since they bypassed DEP and ASLR on Windows 7)?
Originally, our plan was to sponsor as part of this year’s Pwn2Own competition. Unfortunately, we decided to withdraw our sponsorship when we discovered that [b]contestants are permitted to enter Pwn2Own without having to reveal full exploits (or even all of the bugs used!) to vendors. Full exploits have been handed over in previous years, but it’s an explicit non-requirement in this year’s contest, and that’s worrisome.[/b] We will therefore be running this alternative Chrome-specific reward program. It is designed to be attractive -- not least because it stays aligned with user safety by requiring the full exploit to be submitted to us. We guarantee to send non-Chrome bugs to the appropriate vendor immediately.
Indeed. Although I was making fun of Chrome in my first post, this exploit appears to have much wider implications.
I’m anxious to know if this type of exploit could also bypass Sandboxie.
Also last week, a separate exploit for Chrome was demonstrated at the Pwn2Own competition. We’ve since learned that the bug exploited a vulnerability in the Flash Player plug-in -- affecting all browsers. The contest organizers have reported the vulnerability details directly and privately to Adobe, and Adobe will be providing a fix as part of its forthcoming Flash Player update. When that happens, Chrome users will enjoy the advantage of an auto-update and quick protection. Looking forward, Adobe and Google are collaborating on a version of Flash Player which will run inside the primary Chrome sandbox. Chrome OS devices already ship with this next-generation sandbox for Flash Player.