The most secure features of Google Chrome, including Sandbox, ASLR and DEP, were simply bypassed by VUPEN security researchers. The vulnerability is for the most latest version of Google Chrome (v11.0.696.65) for Windows.

The vulnerability is found to be impacting all Windows based computers running 32 bit as well as 64 bit OS. The vulnerability was exploited by just making the user visit a specially prepared web page containing a sophisticated code that will execute various payloads to ultimately download and start any program. The program runs silently without even crashing Google Chrome after executing the payload. The program launches outside the sandbox but at medium integrity level. However, most malware today doesn’t necessarily need to have a high integrity level to run.

As the vulnerability is not publicized, Chrome users can stay out of panic.

Comments are closed.