At Google’s own Pwnium competition, Russian university student Sergey Glazunov was awarded Google’s top prize of $60,000 for running a 0-day exploit.
ZDNet said Glazunov used a pair of exploits (disclosed only to Google) to bypass Chrome’s sandbox, but didn’t break out of it entirely. However, the exploit would have allowed Glazunov to run arbitrary code on the infected machine.
Meanwhile, at Pwn2Own, French security firm Vupen Security bypassed the Chrome sandbox within five minutes to execute arbitrary code.
According to Ars, Vupen exploited a use-after-free bug in Windows to bypass data execution prevention (DEP) and address space layout randomization (ASLR). Then the team exploited a second, unnamed, native Chrome bug that allowed code to break out of the sandbox.
Eric Schmidt can officially stop saying that Chrome is the safest browser available; it’s just as vulnerable as anything else. Code is code, and it’s made by human beings, so mistakes will be made. Chrome might be safer than other browsers, but it is not infallible.