Chrome on Windows 7 exploited

http://labs.mwrinfosecurity.com/blog/2013/03/06/pwn2own-at-cansecwest-2013/

Just another reminder that if your kernel isn't secure, the system isn't secure. An attacker doesn't care if they're at untrusted integrity as long as they have unrestrained access to the kernel.

Wrote about this on my site, but there's no crazy new information there, so it doesn't seem worth linking to.

 

Re: Chrome on Windows 8 exploited

And, more to the point, proving that even the current top of the line desktop is worth zilch against a skilled human attacker.

 

Re: Chrome on Windows 8 exploited

Actually it was Windows 7. They’ve posted a pic on their Twitter page. See: -https://twitter.com/mwrlabs/status/309480564665245700/photo/1-

 

Re: Chrome on Windows 8 exploited

Yeah, seems that you're correct.

 

Re: Chrome on Windows 8 exploited

No one is touching my kernel

 

Re: Chrome on Windows 8 exploited

It the attack involved Chrome and Windows 7 (not 8 ), the thread's title needs to be changed.

 

Re: Chrome on Windows 8 exploited

Done. Not that it makes a difference.

 

Re: Chrome on Windows 8 exploited

lol

Seriously though, the Chrome devs will be straight on to this. They’re pretty quick at fixing vulnerabilities, especially at these events. I remember last year at pwnium and they had Chrome patched up within twenty four hours I think it was. Microsoft, well that’s another story.

Exactly. The point remains, regarding the importance of a secure kernal.

 

Re: Chrome on Windows 8 exploited

The Stable channel has been updated to 25.0.1364.160.

 

Re: Chrome on Windows 8 exploited

So this update addresses the vulnerabilities?

 

I don't know if it does or not.
I'd say there is a good likelihood, and in the event that it does, I wanted the info posted here.
We'll know soon enough.

Edit in: Yes, it looks like it is.

"The Stable channel has been updated to 25.0.1364.160 for Windows, Mac, and Linux. This release contains security fixes.

Security fixes and rewards:

Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are up to date with the fix.

[180763] High CVE-2013-0912: Type confusion in WebKit. Credit to Nils and Jon of MWR Labs."

http://googlechromereleases.blogspot.com/2013/03/stable-channel-update_7.html

 

Got it. Thanks

 

That was FAST!

 

Re: Chrome on Windows 8 exploited

Edit: not enough coffee...

Cheers, Nick

 

Was it Protected Mode or the new Enhanced Protected Mode that they bypassed (Internet Explorer 10 on Windows 8 )? I wish there were more info on it.

 

Default settings were used...

 

Firefox is also updated.

https://www.mozilla.org/security/announce/2013/mfsa2013-29.html

 

From what I understood, Microsoft will fix the vulnerabilities in the next "Patch Tuesday" which will happen at March 12th.

http://technet.microsoft.com/en-us/security/bulletin/ms13-mar

 

@Nick,

The kernel exploit was used to get out of the sandbox. Not sure if you mistyped. They used the initial exploit to get into the renderer process, and then the local priv escalation exploit to get system level privilege.

Wouldn't have made a difference if it were IE10 in EPM or not if they were using a local kernel exploit.

 

Mixture of misreading the exploit and mistyping my explanation...

- but you are spot on

Cheers, Nick

 

I wonder if EMET could have made a difference?