HardOCP News
Security researchers have "officially pwned Google Chrome" using a 0-day exploit. Then again, who cares...I got free Angry Birds. Here's a video of the exploit in action.
How is this useful? I didn't watch it with audio but it seems like he just launched calculator. What could he execute that would actually do something worthwhile?
It's sad that Computer World calls these researchers "whitehats"
This VUPEN organization won't even release the details of the vulnerability to Google so they can fix it.
According to their site, they didn't launch calculator, they downloaded the calculator from a remote site and then ran the calculator.
Release to Google for a couple bucks reward..
Sell to highest bidder...
Y'all might think they are scum for it, but I know which option I'd take :|
If this were an IE bug I doubt people would be attacking the discoverers as much.
Zarathustra[H] said: Agreed.
VUPEN are the rented thugs of the computer security world, continually finding new security holes so they can sell them to the highest bidder (like governments that want to suppress dissidents)
The hole was created (albeit unintentionally) by Google. Why does anyone have obligation to solve Google's problems for them without recompense? If Google is so awesome, they would be able to find and fix this before these "thugs."
Magical white-hat hackers don't come and fix bugs in my company's software, my co-workers and I have to do it. What wonderful magical lovey-dovey world do you live in?
They seem to have UAC off in the video? So this would probably only affect the dumbshits that turn that off?
"We will not help Google in finding the vulnerabilities," said Chaouki Bekrar, Vupen's CEO and head of research, in an email reply to questions. "Nobody knows how we bypassed Google Chrome's sandbox except us and our customers, and any claim is a pure speculation."
If it can bypass UAC then Microsoft and the NSA would be all over this???
Wait, who are their customers?
Are they selling those exploits to other hackers?
Governments, hackers, whoever. Page 2 has more details about the exploit, where VUPEN admits it's a flaw with the version of Flash player bundled with Chrome 11/12. The Chrome project site states that Flash is only partially sandboxed in Chrome. The feat of breaking the browser is a lot less impressive with that info.
Agreed. It's an Adobe flaw (nothing new there), so it's not very impressive at all.
I use SRWare Iron (Chrome), which doesn't include that Flash player or the PDF viewer. Win.
Well, you know Microsoft gets that special treatment from the public...
Easily faked.
1) bind calc.exe to keyboard shortcut
2) open "odd URL"
3) press keyboard shortcut
I doubt it to be true.
What if there is no exploit and there is an application running in the background with a keyboard hook that launches calculator or whatever binary you wish?
Just saying.