VUPEN Security has announced the discovery of a vulnerability in Google’s Chrome browser software.
Google Chrome has survived assaults at the Pwn2Own contest for the last three years. Now, French security firm VUPEN says it is unhappy to announced that it has officially “Pwned” Google Chrome and its protective Sandbox measures.
VUPEN uploaded a video of the browser exploit in action which bypasses all security features including ASLR/DEP/Sandbox, without exploiting a Windows kernel vulnerability. It works on all Windows systems and with the latest versions of the Chrome browser.
In the video, a web page is loaded displaying just a text message - “Your browser is being Pwned!” - and after a few seconds of inactivity (and without a visible crash in Chrome), the windows calculator application runs. According to the VUPEN write-up, the calculator executable is downloaded and executed.
At Pwn2Own in March this year, VUPEN successfully attacked Safari in much the same way. A specially crafted web page was loaded and several seconds later, the Mac OS X calculator application was launched and a file was written to the hard drive to demonstrate that the Sandbox had been compromised.
For obvious reasons, the write-up does not disclose technical information on the exploit, only to say that it is one of the most sophisticated codes they have used so far.
Result for: windows systems
Plextor made a surprising announcement today when it introduced two dual-format HD optical drives, the B920SA and B300SA, both of which can read Blu-ray and HD DVD discs.
Although the HD DVD format is now obsolete, the new drives gives owners a chance to watch their HD DVD titles on a computer while also allowing them to make way for Blu-ray.
The B920SA can burn 25GB BD discs at up to 4X speed and can write CDs and DVDs at 16x. The B300SA cannot write Blu-ray discs but can read at a relatively fast 6X speed. Both drives connect through Serial ATA and will ship in March for $450 USD and $600 USD respectively. Each drive comes bundled with movie playback, burning, and editing software for Windows systems.
