i***1
发帖数: 668 | 1 【 以下文字转载自 SanFrancisco 讨论区 】
发信人: immi1 (immi1), 信区: SanFrancisco
标 题: 用google 的就等死吧
发信站: BBS 未名空间站 (Tue May 10 20:42:01 2011, 美东)
Security firm claims to have hacked Chrome's sandbox
It didn't manage to do it during the most recent Pwn2Own challenge, but
VUPEN Security is now claiming that it has finally managed to hack
Google's Chrome browser and crack its so-called "sandbox." According to
the firm, the exploit relies on some newly discovered zero day
vulnerabilities, works on all Windows operating systems (and only Windows,
apparently), and could give malicious websites the ability to download
code from a remote source and execute it on a user's computer -- the video
after the break shows an example, in which the Windows Calculator
application is downloaded and run automatically. For its part, Google says
it has been unable to confirm the hack since VUPEN hasn't shared any
details with it -- something the firm apparently doesn't plan to do, as it
says it only shares its vulnerability research with its "government
customers for defensive and offensive security." |
|
