Google Chrome Cracked By Six Bug Combo
By: Zach Walton - May 29, 2012
By all accounts, Chrome is a pretty secure browser. If you want to crack it, you're going to have to put in some serious time and effort. It's a good thing Chrome is more often cracked by those who want to improve the browser's security than by those hacking it for personal gain. A recent crack against Chrome succeeded only after chaining six separate bugs together.
Matt Cutts knows a thing or two about Google and its products. He says it's pretty crazy that a hacker was able to break into Chrome through such a long and arduous process. You know a crack is impressive when even the folks at Google are in awe of the talent on display.
http://t.co/K0moeIbd Now fixed. Shows that Chrome is pretty secure.
Tired of waiting until season three so she can break more fourth walls, master hacker Pinkie Pie has taken to Chrome to show the world what she can do. In reality, the hack was carried out by a teenage male going by the alias Pinkie Pie. He was able to crack the browser by using obscure openings that nobody else would think to look for.
Here's the short version of the hack. He first used Chrome's prerendering feature to load a Native Client (NaCl) module from a Web page. From there, he used a low-level interface to a GPU command buffer to trigger a memory overwrite in the GPU process. He then used a ROP chain to execute arbitrary code inside the GPU process. That gave him a small window of opportunity in which the GPU process could pass itself off as the renderer. By impersonating the renderer, he gained access to a privileged renderer, which let him break out of the sandbox. Once out of the sandbox, he used two more bugs to run his own plugin with full user privileges.
The long version goes into much more detail about the hack, including the specific bugs he used. If you have any interest in hacking, or in why patching even small weaknesses matters, you'll want to check out the full blog post. For those who read the paragraph above and didn't follow what was going on, just know that somebody essentially pulled off a combo move on Google Chrome that broke the whole system.
Google fixed all of the above bugs in short order, and Chrome is secure once more. Regardless, it goes to show that browser security is no simple matter. There are always plenty of ways to circumvent and break browsers; it just takes a little patience and a lot of coding know-how.