Linux Today: Linux News On Internet Time.

More on LinuxToday

Google Chrome browser has finally been hacked

May 10, 2011, 22:06 (2 Talkback[s])
(Other stories by Matthew Humphries)


Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers

[ Thanks to An Anonymous Reader for this link. ]

"ASLR means the data used for the executable, libraries, heap, stack, and address space are never in the same location twice in memory. This makes predictions tough for the hacker making certain types of exploit very difficult if not impossible to use. DEP stops code execution from a non-executable memory region which means the common buffer overflow exploits don't work. Finally we have the sandbox, which sees each tab you open in Chrome get its own process and is stripped of its rights meaning it can't affect anything other than itself on the system and in the browser.

"Tough as all those measures sound and indeed are, Chrome has had its sandbox compromised this week by security company VUPEN. The video above shows the hack using a sophisticated zero-day exploit that manages to run arbitrary code through the browser. Most importantly, it bypasses the sandbox, ASLR, and DEP security measures."

Complete Story

Related Stories: