No current browser is 100% foolproof. Their creators, however, employ different techniques to ensure they are as safe as possible for our users. This was the tactic used by Google to create a sandbox with Chrome, among other features. Because of her all the code executed by the browser is restricted to processes that can not access memory or other computer components directly. Or at least they could not.
The Vulpen Security, French American security company, today announced the discovery of the first major vulnerability of Chrome, which allows just that. They achieved something that nobody in the competition three years Pwn2Own, managed, overcome their main security measure, the Chrome sandbox. Below is the video demonstration of the flaw being exploited.
According to them, the fault runs on the browser version 11.0.696.65, which is the latest stable version and until the publication of the post. The code created by them performs several different actions with the ultimate goal of making the browser to download and execute any file outside the sandbox. In this case they chose a calculator, but could easily be a virus, malware or any sort of malware.
The company says it will not make publicly available code for the vulnerability. So if you wanted to know in detail what they did, will have to wait for Google to fix the problem or someone else to discover and disclose.
