Skip to main content

Researchers Claim Google Chrome’s Sandbox Can Be Hacked

Vupen, a France based security company has revealed that it has discovered a few loopholes in the security features of Google Chrome which can be exploited to hack the browser quite effectively.

According to the company, in order to exploit these loopholes, all that a hacker needs to do is make the browser visit a website with a bunch of codes especially designed for sidestepping the “sand box”.

The “sand box” is a built in feature in Google Chrome which isolates the browser functionalities from the rest of the operating system, thus making it really hard for hackers or malicious programs to break through its security shields.

Security experts from Vupen also stated that they also found another way to break through the browsers security- by ceasing the in-built anti exploit features in the Windows 7 platform.

"The exploit ... is one of the most sophisticated codes we have seen and created so far, as it bypasses all security features including ASLR/DEP/Sandbox," a blog post (opens in new tab) by the company stated

Vupen added, "It is silent (no crash after executing the payload), it relies on undisclosed ('zero-day') vulnerabilities and it works on all Windows systems."

Google however, reserved its comments on the issue by stating that it was not in a position to confirm the claims by Vupen.

Ravi Mandalia
Ravi Mandalia

Ravi Mandalla was ITProPortal's Sub Editor (and a contributing writer) for two years from 2011. Based in Ahmedabad, India, Ravi is now the owner and founder of Parity Media Pvt. Ltd., a news and media company, which specializes in online publishing, technology news and analysis, reviews, web site traffic growth, web site UI. Ravi lists his specialist subjects as: Enterprise, IT, Technology, Gadgets, Business, High Net Worth Individuals, Online Publishing, Advertising, Marketing, Social Media, News, Reviews, Audio, Video, and Multi-Media. He has also previously worked as Dy. Manager - IT Security at (n)Code Solutions.