Skip to main content

Security Firm Cracks Chrome's Sandbox

Chrome is perceived as the safest browser you can use this days (with the exception of a version of Firefox 4 that runs inside a Linux virtual machine), as it survived a recent hacking contest. Chrome's security is mainly based on its sandboxing feature that isolates browser processes as well as plugins. However, French security firm Vupen claims that it has cracked Google's sandbox. We have to use the word "claims" as the company said it will not be generally disclosing the vulnerability, but will be sharing it only with its government customers.

Vupen stated that it required a sophisticated attack to break the sandbox, but it has done so without exploiting a Windows kernel vulnerability. The hack works on all “default” Chrome installations on all 32-bit and 64-bit Windows systems. The tested Chrome version was 11.0.696.65, but also works on beta and developer versions of Chrome 12, according to Vupen.

The security company made headlines earlier this year when it was able to break through Apple's Safari security in less than 5 seconds at the Pwn2Own contest. Vupen stated that it still considers Chrome to have "one of the most secure sandboxes." Of course you now know that there may be a working exploit you and Google do not know of.