Azimuth Security: May 2010 <body onload='MM_preloadImages(&apos;http://www.azimuthsecurity.com/images/a_02.gif&apos;,&apos;http://www.azimuthsecurity.com/images/r_02.gif&apos;,&apos;http://www.azimuthsecurity.com/images/t_02.gif&apos;,&apos;http://www.azimuthsecurity.com/images/s_02.gif&apos;)'><script type="text/javascript"> function setAttributeOnload(object, attribute, val) { if(window.addEventListener) { window.addEventListener('load', function(){ object[attribute] = val; }, false); } else { window.attachEvent('onload', function(){ object[attribute] = val; }); } } </script> <div id="navbar-iframe-container"></div> <script type="text/javascript" src="https://apis.google.com/js/platform.js"></script> <script type="text/javascript"> gapi.load("gapi.iframes:gapi.iframes.style.bubble", function() { if (gapi.iframes && gapi.iframes.getContext) { gapi.iframes.getContext().openChild({ url: 'https://www.blogger.com/navbar.g?targetBlogID\x3d509652393303233687\x26blogName\x3dAzimuth+Security\x26publishMode\x3dPUBLISH_MODE_HOSTED\x26navbarType\x3dBLUE\x26layoutType\x3dCLASSIC\x26searchRoot\x3dhttp://blog.azimuthsecurity.com/search\x26blogLocale\x3den\x26v\x3d2\x26homepageUrl\x3dhttp://blog.azimuthsecurity.com/\x26vt\x3d1038547295672672920', where: document.getElementById("navbar-iframe-container"), id: "navbar-iframe" }); } }); </script>
azimuth security services training resources about BLOG
project zeus
"You will not be informed of the meaning of Project Zeus until the time is right for you to know the meaning of Project Zeus."
Archives
Current Posts
April 2010
May 2010
August 2010
September 2012
February 2013
March 2013
April 2013
May 2013
June 2013
December 2013
March 2014
January 2015
Posts
The Chrome Sandbox Part 1 of 3: Overview
WOOT Call for Papers
The Chrome Sandbox Part 1 of 3: Overview
posted by Mark @ 5/20/2010 08:26:00 PM  

Earlier this year, CanSecWest hosted the popular "Pwn2Own" contest, whereby contestants attempt to exploit vulnerabilities they have discovered in popular software packages. The contest has a strong focus on web browsers, and this year, it didn't disappoint: all of the major web browsers were successfully compromised, with the notable exception of Google's Chrome. I believe Chrome's survival was largely due to its integrated sandbox, which aims to isolate the browser from being able to perform any potentially adverse operations on the system upon which it is running. I have been working with Google for the last several months on Chrome, with one of my major charges being a security review of the sandbox and its related components. Therefore, with Google's blessing, I thought I might take some time here to discuss the basic sandbox architecture, the attack surface, and present a few examples of vulnerabilities I uncovered during my time working on it.

Read more ยป

Labels: , , , ,

5 comments
WOOT Call for Papers
posted by Mark @ 5/02/2010 02:25:00 AM  

The USENIX Workshop on Offensive Technologies (WOOT '10) CFP is now open! I am on the panel for accepting papers, which are due by May 28th. Anything related to vulnerability research, exploitation, malware, web security, and many more related topics are welcome. For more information, refer to http://www.usenix.org/events/woot10/cfp/. Good luck and looking forward to the submissions!
0 comments
© Copyright 2013 Azimuth Security Pty Ltd