Gartner Blog Network

Google’s Chrome Browser has a Zero Day – So?

by Neil MacDonald  |  May 13, 2011  |  Comments Off on Google’s Chrome Browser has a Zero Day – So?

I saw this article recently describing an attack against one or more zero day vulnerabilities in Google’s Chrome browser. Worse, the attack reportedly is able to break outside of the “sandbox” (created by the use of mandatory integrity controls within Windows) and execute code at a different trust level. The attack is reportedly not stopped by ASLR or DEP either.

The firm that demonstrated the attack, Vupen, doesn’t disclose the vulnerabilities to the vendors and instead charges its customers for access to its intelligence. So, at this point there are no patches available since Google won’t be able to fix the vulnerabilities until it has more detailed information.

There are a few lessons from this news:

Additional Resources

Evaluating the Security Risks to Blockchain Ecosystems

Blockchain is early in its development, and long-term investments can be risky. Security and risk management leaders must temper the hype with effective risk-mitigation techniques.

Read Free Gartner Research

Category: application-security  security-of-applications-and-data  windows-7  

Tags: apple  application-security  beyond-anti-virus  browser-security  security-summit-na  windows  

Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…Read Full Bio

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.