Major Vulnerability Exposed In Chrome
Most people usually user Google Chrome for its speed and safety, as well as the fact that the browser hasn’t been successfully hacked within the past three years, until today. A security firm called VUPEN figured out how to act past Google Chrome’s system as well as Window 7’s anti-exploit technology, allowing the Chrome browser to run any program or code they would like.
The exploit is demonstrated in the video and is one of the most sophisticated codes created since it bypasses ASLR/DEP/Sandbox security features and does not cause the computer to crash after delivering the payload. The vulnerability works on both 32-bit and 64-bit versions of Windows 7.
The security firm, VUPEN said that users could be tricked to visit malicious websites where the exploit would be run. If these vulnerabilities were exploited in the wild they would, without a doubt, be able to steal passwords or infect a computer with a botnet to attack targeted websites. Thankfully, VUPEN will not release the code or details to the public OR Google but instead will share the code with government officials to aid in secret operations for surveillance (isn’t that wonderful?) VUPEN of course sells weaponized exploits to intelligence agencies and law enforcement for covert operations or for surveillance. View the clip below to see how innocent this malicious code appears on the surface (it seems to have only opened up the calculator), but in fact delivers a payload at that time.