Security firm claims to have hacked Chrome's sandbox

It didn't manage to do it during the most recent Pwn2Own challenge, but VUPEN Security is now claiming that it has finally managed to hack Google's Chrome browser and crack its so-called "sandbox." According to the firm, the exploit relies on some newly discovered zero day vulnerabilities, works on all Windows operating systems (and only Windows, apparently), and could give malicious websites the ability to download code from a remote source and execute it on a user's computer -- the video after the break shows an example, in which the Windows Calculator application is downloaded and run automatically. For its part, Google says it has been unable to confirm the hack since VUPEN hasn't shared any details with it -- something the firm apparently doesn't plan to do, as it says it only shares its vulnerability research with its "government customers for defensive and offensive security."

VUPEN Security

Comments

Manual for Alienware M11x with Sandy Bridge confirms NVIDIA GT540M graphics

If the previous Alienware M11x R3 spec leak got you all giddy, then we have some good news for you: according to a manual dug up by one of our eagle-eyed readers, it appears that this year's M11x refresh will indeed be coming with second-gen Core i5 ULV and Core i7 ULV options, along with a faster DDR3 bus (1333MHz instead of 800MHz), a higher-res webcam (2MP instead of 1.3MP), an HD TrueLife LCD, and optional 3G / 4G mobile broadband. But of course, the real meat on this laptop is its graphics card, which turns out to be an NVIDIA GeForce GT540M with either 1Gb or 2GB of dedicated memory -- not bad for a laptop of this size. Unsurprisingly, no dates or prices are mentioned here, but given the early start of inventory clearance, it shouldn't be long before Round Rock reveals all. Dell (ZIP)

IBM shows off Smarter Traveler traffic prediction tool

Traffic alerts on GPS devices may be old hat at this point, but there's obviously still plenty of room for improvement, and IBM now says it's managed to do just that with its new "Smarter Traveler" traffic prediction tool. Developed with the help of UC Berkeley's transportation group and the California Department of Transportation, the tool relies on predictive analytics software, GPS monitoring and sensors already on the roads to not only offer alerts, but build a model of each person's usual commuter route. Once the system is trained a bit, commuters are able to check out what's effectively a forecast of their entire route before they even leave the house, rather than simply be alerted to traffic problems before it's too late to avoid them. Head on past for the complete press release, and a quick video explanation of how it works. IBM, Caltrans and UC Berkeley Aim to Help Commuters Avoid Congested Roadways Before their Trip Begins First-of-a-K...

Sony Ericsson Xperia Neo delayed to Q3, Arc and Play facing limited supply due to Japanese quake

There hasn't been much good news coming out of Japan lately and this sadly keeps up with the unhappy trend. Sony Ericsson has officially bumped the broad launch (it's already available in limited quantities) of its Xperia Neo handset to at least July, explaining the delay as the result of "supply chain disruptions." Additionally, the Xperia Arc and Play devices, two other members of the company's new Android Gingerbread family, will be available in smaller volume than expected, at least for the near term. We guess that might go some way to explaining why the Xperia Play failed to reach some UK carriers in time for its April 1st launch date. Skip past the break for a statement from Sony Ericsson, who promises to be more explicit about the situation when it delivers its latest quarterly results on April 19th. As Sony Ericsson continues to assess the impact of the situation in Japan on its business, we have communicated to our operator customers and dis...

NYC

Search This Blog