Chrome Security Is No Longer a Myth: Sandbox Breached
The French security research firm VUPEN has announced that it has broken through Chrome's sandbox protection, with ASLR and DEP bypassed at the same time. VUPEN states that the exploit code will not be published and will only be provided to its government partners, so it is unclear whether the Chrome development team has been notified of the vulnerability details.
Their statement follows:
Hi everyone,
We are (un)happy to announce that we have officially Pwnd Google Chrome and its sandbox.
The exploit shown in this video is one of the most sophisticated codes we have seen and created so far as it bypasses all security features including ASLR/DEP/Sandbox, it is silent (no crash after executing the payload), it relies on undisclosed (0day) vulnerabilities discovered by VUPEN and it works on all Windows systems (32-bit and x64).
The video shows the exploit in action with Google Chrome v11.0.696.65 on Microsoft Windows 7 SP1 (x64). The user is tricked into visiting a specially crafted web page hosting the exploit which will execute various payloads to ultimately download the Calculator from a remote location and launch it outside the sandbox at Medium integrity level.
While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any installation of Chrome despite its sandbox, ASLR and DEP.
This code and the technical details of the underlying vulnerabilities will not be publicly disclosed. They are shared exclusively with our Government customers as part of our vulnerability research services.
The gist of the statement: VUPEN has compromised Google's Chrome browser, bypassing every security mechanism in Chrome without relying on a vulnerability in the Windows kernel itself, and the intrusion is completely silent. The statement also notes that, for security reasons, the exploit code and the technical details of the underlying vulnerabilities will not be publicly disclosed; they are shared only with government customers as part of the firm's vulnerability research services.
Original source: http://www.vupen.com/demos/VUPEN_Pwning_Chrome.php