Google Chrome Hacked?

Vupen Security and Sergey Glazunov independently managed to penetrate Google Chrome’s security defenses at the Pwn2Own and ‘Pwnium’ contests respectively. The annual competition invites ethical hackers from around the world to attempt to hack the most popular web browsers and, in the process, expose vulnerabilities and loopholes in the browsers’ security while grabbing a handsome reward.

At this year’s competition, Vupen’s co-founder and head of research, Chaouki Bekrar, and his team managed to break into Google Chrome in less than 5 minutes, in the process quashing talk of the browser’s unquestionable security. They used “a pair of zero-day vulnerabilities to take complete control of a fully patched 64-bit Windows 7 (SP1) machine.” For the successful break-in, Vupen won itself 32 points.

Google Chrome security knew that the Flash Player plugin sandbox is significantly weaker and that an exploit against Chrome’s Flash Player would have to go through a certain path. Having figured out that Vupen used that technique (from the May video), Google decided to add a specific protection for Flash. The hack qualifies him for one of the top $60,000 prizes that are part of Google’s $1 million Pwnium challenge, and could be the launch of a new security career.

VUPEN co-founder Chaouki Bekrar, an outspoken exploit writer who insisted the team deliberately targeted Chrome to prove a point, was uncharacteristically coy when asked if the faulty Chrome code came from Adobe. “It was a use-after-free vulnerability in the default installation of Chrome,” he said. “Our exploit worked against the default installation so it really doesn’t matter if it’s third-party code anyway,” Bekrar said, ZDNet reports.

IE 9 on Windows 7 was also hacked, again through a complicated hack that had to circumvent the browser’s sandbox. Microsoft, however, may not respond so rapidly, as its quality testing procedure usually takes a few months to fix bugs like these. Safari on Mac OS X Snow Leopard, along with Firefox and IE 8 on Windows XP, was also hacked.

Source: UtusanHacker

  1. 13/03/2012 at 8:26 pm

    FAIL TRANSLATE.GOOGLE.COM
