Threat Level: green Handler on Duty: Deborah Hale

SANS ISC: InfoSec Handlers Diary Blog - VUPEN Security pwns Google Chrome InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

VUPEN Security pwns Google Chrome

Published: 2011-05-09
Last Updated: 2011-05-10 00:23:39 UTC
by Rick Wanner (Version: 1)
5 comment(s)

French security research group, VUPEN, announced earlier today that they have managed to subvert Google Chrome's sandbox to permit execution of code.

The announcement, which is light on details, and a demo are available on VUPEN's website. The most interesting aspect of the announcement was the declaration "This code and the technical details of the underlying vulnerabilities will not be publicly disclosed. They are shared exclusively with our Government customers as part of our vulnerability research services." Apparently this list does not include Google. Definitely an interesting twist on responsible disclosure.

Update: Further details and Google's response are available on Brian Kreb's blog.

-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

 

Keywords: Chrome VUPEN
5 comment(s)
Diary Archives