Anatomy of a hack: 6 separate bugs needed to bring down Google browser (arstechnica.com)
54 points by felipe_csl 5147 days ago
3 comments

The scary part was the limitation that hackers weren't allowed to exploit Windows vulnerabilities. When you think of how many unpatched Windows 7 (or older) machines are out there it's no wonder botnets keep growing.
I thought the scary part was the pink my-little-pony wielding a battle-axe that Pinkie Pie chose as his ("his?" ... I assume) mascot. ;) But then, different things scare different people different ways, and maybe I've just become numb to the Windows-scare already.
Actually, that "pink my-little-pony wielding a battle-axe"-pony is Pinkie Pie (http://mlp.wikia.com/wiki/Pinkie_Pie) ;)

She's known for being able to break the fourth wall (unlike the other ponies in FiM) and doing other "impossible" things, which I'm figuring the hacker may have connected to breaking out of a sandbox.

You may also want to see: https://secure.wikimedia.org/wikipedia/en/wiki/My_Little_Pon...

How many unpatched Windows 7 boxes are there? Do you have any numbers? I thought automatic updates were enabled by default on them.
> the limitation that hackers weren't allowed to exploit Windows vulnerabilities

He guessed "some predictable addresses allocated by Windows" though. Not detracting from the achievement, but this could arguably be stashed in the non-Chrome side of things.

It's normal, and necessary, for the operating system to provide access to standard library functions; the easiest way to do this is having them at well-known addresses. Admittedly Windows could do address space randomization which would make the exploit harder, but it should still be possible even with that.
> Admittedly windows could do address space randomization which would make the exploit harder

According to Wikipedia, Windows provides one of the best ASLR on the market. I'm not sure why you are singling out Windows as a weak point here.

Windows has for a long time been the prime target of most exploits, and thus has spent considerable effort, on OS-level, to prevent the potential damage. OS X for instance, has almost none of the OS-level security features found in Windows and is a much easier target to exploit.

http://en.wikipedia.org/wiki/Address_space_layout_randomizat...

> According to Wikipedia, Windows provides one of the best ASLR on the market.

According to the same page, ASLR is enabled only for Windows binaries which had the option set at compile/link time. Also I see no sign of your Wikipedia-attributed affirmation; the article even notes a number of deficiencies.

> OS X for instance, has almost none of the OS-level security features found in Windows

I don't know which precise security features you are talking about, but Mac OS X has been iteratively improving on that front: a limited form of ASLR (along with NX bit and W^X) was available since Leopard for 64-bit processes and was iteratively improved in Snow Leopard and Lion. Full parity was brought to 32-bit processes in Lion. Kernel and kexts are fully randomized in Mountain Lion. Also, as far as I know Windows does not enable NX/DEP for non-system processes by default, and does not implement W^X at all. This is a far cry from 'almost none'.
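A defender-side check for the point raised above, that on Windows ASLR (and DEP) is a per-binary opt-in recorded at link time: this is an added example, not code from the article or from any commenter. It reads the DllCharacteristics field of a PE optional header and reports the DYNAMIC_BASE, HIGH_ENTROPY_VA and NX_COMPAT bits; the header-only images it inspects are constructed inline, so it runs offline (the constant names and the stub builder are this example's own).

```python
import struct

# DllCharacteristics bits from the PE/COFF spec (IMAGE_DLLCHARACTERISTICS_*).
HIGH_ENTROPY_VA = 0x0020   # 64-bit image can use the full high-entropy address space
DYNAMIC_BASE    = 0x0040   # image may be relocated at load time (ASLR opt-in)
NX_COMPAT       = 0x0100   # image declares itself DEP/NX compatible

def pe_mitigations(data: bytes) -> dict:
    """Return which opt-in mitigations a PE image declares in its optional header."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                 # skip signature and 20-byte COFF file header
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic not in (0x10B, 0x20B):         # PE32 / PE32+
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 of the optional header in both formats.
    dllchar = struct.unpack_from("<H", data, opt + 70)[0]
    return {
        "pe32plus": magic == 0x20B,
        "aslr": bool(dllchar & DYNAMIC_BASE),
        "high_entropy_va": bool(dllchar & HIGH_ENTROPY_VA),
        "nx": bool(dllchar & NX_COMPAT),
    }

def build_stub_pe(dllchar: int, pe32plus: bool = False) -> bytes:
    """Constructed header-only image (not a real executable), enough for pe_mitigations()."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 112 if pe32plus else 96      # optional header size without data directories
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, 0)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dllchar)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    samples = [("no-mitigations.exe", 0),
               ("hardened.exe", DYNAMIC_BASE | NX_COMPAT | HIGH_ENTROPY_VA)]
    for name, flags in samples:
        print(name, pe_mitigations(build_stub_pe(flags, pe32plus=True)))
```

Pointing pe_mitigations() at a real file (open(path, "rb").read()) gives the same report; an image with aslr False is loaded at its preferred ImageBase and so is the kind of fixed address the thread discusses.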

Where do many of these hackers come from? What is their background?

I ask, as I wish to know at a high level what tools and code they are using to find and exploit Chrome.

The article makes it sound like since "6 separate bugs" were needed to bring down Chrome, it proves that it's a more secure browser (than presumably IE or Firefox). But in 10 days a teenager found 6 bugs in Chrome in 2012? That doesn't sound more secure.
It's probably easier to find bugs the deeper you get. There's the assumption that you're authorized, and fewer people get that deep so exploits come up less. It's far from ideal, but most of the issues are listed as low (2) or medium (2). Only one is listed as high (though the last is undisclosed).
Yes, "Teen pwns Chrome in 10 days, how long will it take China?" can easily be the headline.