Researcher from MWR labs won a prestigious prize $100,000, couple of days back at Vancouver researchers hacked Google chrome and showed at the Pwn2Own hacking competition. According to the hackers, it is possible to hack into any system via vulnerability on Google chrome. Whenever, a web surfer visits a malicious page on chorme it was possible to execute code which can allow the page creator to get into the system through a kernel vulnerability found in Windows 7.
Here is what researcher found exploiting into the most popular browser on web:
“We were able to exploit the first vulnerability in multiple ways, allowing us to leak the addresses of several objects in memory, calculate the base address of certain system dlls, read arbitrary data, and gain code execution. This allowed us to bypass ALSR by leaking the base address of a dll, and to bypass DEP by reading that dll’s .text segment into a javascript string, allowing us to dynamically calculate the addresses of ROP gadgets.”
The reason researcher told using chrome for demonstration was its popularity, so, understanding was easy. Furthermore, this competition provided an insight to the users on how easily their system’s security can be brached. To keep all simple researched exploited the chrome brwser using the default setting. Lastly, the researchers said:
“Google Chrome is one of the most widely used Web browsers globally, and was perceived to be the hardest target in the competition,”
“The reason Chrome was chosen as the target for the demonstration is to encourage understanding, as a security breach of this nature could expose millions of users to serious risk.”
