What's amazing about this bug is that at every step you learn something that makes Pinkie Pie more terrifying while <i>simultaneously</i> making the Chrome security model sound more and more forbidding.
In the end it all boiled down to old-style plugins. All the exploits were used to finally install and run an old-style NPAPI plugin.

Just like ActiveX, these are binary code that usually runs outside of any sandboxing due to compatibility reasons.

With NaCl or just the advances in HTML and related technologies, this kind of plugin really should have outlived its usefulness by now and maybe it's time to drop support - at least support for all plugins but a few whitelisted ones from the older ages.

Like Flash and maybe QuickTime (though both have a terrible security track record).

Though considering the persistence of piling up bugs that was happening here, for all we know, there would have been a different exploit somewhere else that could have worked even without NPAPI. It would just close one more attack surface.
If you don't have a young girl you might not appreciate the link between "Pinkie Pie" and "Pwnie": http://mlp.wikia.com/wiki/Pinkie_Pie
This really takes you into the mind of a hacker (the malicious kind). Judging from what I saw it seems they combine a ton of small exploits to produce a major security breach. The amount of understanding of the underlying system you need to have in order to put these exploits together is mind boggling.

What do we do against people like this?
It is scary that once you have a foothold it just becomes a matter of time until someone figures out how to use it to piggyback on to more unrestricted space.