The 2011 Pwnie Nominee For Best Client-Side Bug

Google Chrome sandbox bypass

Credit: VUPEN

VUPEN released a demo of a Google Chrome exploit that bypasses the Chrome sandbox and executes code with full privileges on the local system. The exploit was not made public, but the Google security team guessed that VUPEN exploited a Flash vulnerability because the Flash sandbox in Chrome is significantly weaker than the sandbox of the HTML renderer process. Since Google bundles the Flash plugin with the browser, a Flash exploit can affect every single user of Chrome. Despite the protests of the Google security team that VUPEN wasn’t playing fair, VUPEN gets credit for pointing out that the Flash sandbox is the weakest link in Google Chrome.