Security Firm Cracks Chrome's Sandbox

Status
Not open for further replies.

Zingam

Distinguished
Mar 17, 2009
502
0
18,930
I have a better solution Firefox in Ubuntu running in VirutalBox on Solaris running on QEMU on Fedora running in VirutalBox in Boxee on Windows. That should be secure???
 

Anomalyx

Distinguished
Apr 2, 2010
195
0
18,630
but will be sharing it only with its government customers.
So... why the heck aren't they sharing it with Google so the vulnerability can be patched quickly? Yet they're sharing it with governments... This reeks of government corruption, as if we didn't already have enough of it...
 

hellwig

Distinguished
May 29, 2008
817
0
18,930
(with the exception of a version of Firefox 4 that runs inside a Linux virtual machine)

You don't need firefox OR Linux. By that logic, IE6 running on Windows ME in a virtual machine is just as secure, assuming you run in snapshot mode and revert the VM back to a clean install after each session. A VM is a VM, if someone gains control of the VM, you just shut it down, that's sort of the whole point.

I am doing something similar every time I need to visit GameCopyWorld: running Opera in a snapshot of "XP Mode" on Windows 7. I've been doing this ever since a malicious ad on GameCopyWorld installed some fake antivirus on my machine a while back. It was my own stupid fault, I clicked "Ok" on a popup that said "This website requires Java to run", and they actually still have those ads, Yay! Anyway, I can do whatever I want, and then simply "Undo" changes to the VM disk. The VM rolls back to a clean state each time. Of course, I thoroughly scan any files I download (because if I actually need the file, I need to make sure it's virus-free), but if anyone manages to exploit something in my browser or the OS, they only get my VM and nothing else.
 

Anomalyx

Distinguished
Apr 2, 2010
195
0
18,630
[citation][nom]Zingam[/nom]I have a better solution Firefox in Ubuntu running in VirutalBox on Solaris running on QEMU on Fedora running in VirutalBox in Boxee on Windows. That should be secure???[/citation]
Nope, there's Windows somewhere in the chain, then it's insecure =P jk
As long as you keep Apple OS's out of the chain, you're fine. I can't help but think that it's a bit overcomplicated, though... o_O
 

NapoleonDK

Distinguished
Nov 3, 2009
218
0
18,840
[citation][nom]Zingam[/nom]I have a better solution Firefox in Ubuntu running in VirutalBox on Solaris running on QEMU on Fedora running in VirutalBox in Boxee on Windows. That should be secure???[/citation]I'm trying this when I get home. :D
 

everygamer

Distinguished
Aug 1, 2006
144
0
18,630
I would expect they are going to let Google know so that they can alter the security, it would be in their best interests (and those government customers of theirs) to do so.
 

legacy7955

Distinguished
May 16, 2011
238
0
18,830
[citation][nom]everygamer[/nom]I would expect they are going to let Google know so that they can alter the security, it would be in their best interests (and those government customers of theirs) to do so.[/citation]

My bet is that this was already done the moment the hacking was achieved.

Like most corporate media stories you rarely get the WHOLE picture. That is no accident either.
 

eddieroolz

Distinguished
Moderator
Sep 6, 2008
3,485
0
20,730
"except sharing with government customers"

Why not Google too, so they can patch it? Or do governments want to keep this as a "backdoor" to hack into people's browsers?
 

IzzyCraft

Distinguished
Nov 20, 2008
218
0
18,830
[citation][nom]dioxholster[/nom]safest browser is Opera.[/citation]
maybe if you consider it not a target of people attacks then sure. Opera is down there with safari when you talk about security features. The best is chrome and IE(IE out of necessity, chrome out of wanting to show off)
 

wifiwolf

Distinguished
Feb 19, 2009
73
0
18,580
[citation][nom]hellwig[/nom]You don't need firefox OR Linux. By that logic, IE6 running on Windows ME in a virtual machine is just as secure, assuming you run in snapshot mode and revert the VM back to a clean install after each session. A VM is a VM, if someone gains control of the VM, you just shut it down, that's sort of the whole point.I am doing something similar every time I need to visit GameCopyWorld: running Opera in a snapshot of "XP Mode" on Windows 7. I've been doing this ever since a malicious ad on GameCopyWorld installed some fake antivirus on my machine a while back. It was my own stupid fault, I clicked "Ok" on a popup that said "This website requires Java to run", and they actually still have those ads, Yay! Anyway, I can do whatever I want, and then simply "Undo" changes to the VM disk. The VM rolls back to a clean state each time. Of course, I thoroughly scan any files I download (because if I actually need the file, I need to make sure it's virus-free), but if anyone manages to exploit something in my browser or the OS, they only get my VM and nothing else.[/citation]

I did that too for some years back with vmware but there are ways to get to the host passing through the vm. That's why this virtual machine had to be done using a reputable solid security OS and tweaked for even more security.
 

dalethepcman

Distinguished
Jul 1, 2010
541
0
18,940
Hrmm I don't know about most secure, but using the built in android browser from the android SDK within windows is pretty safe, and its touch screen responsiveness is better than any of the add ons for chrome or Firefox
 

f-14

Distinguished
Apr 2, 2010
774
0
18,940
[citation][nom]Anomalyx[/nom]So... why the heck aren't they sharing it with Google so the vulnerability can be patched quickly? Yet they're sharing it with governments... This reeks of government corruption, as if we didn't already have enough of it...[/citation]
it's customers, which happenes to be the government. or do you always work for free?
if you work for free boy do i have a job for you!
 
Status
Not open for further replies.