Whether you’re talking about Chrome, Firefox, Internet Explorer, or Safari, none of your favorite browsers escaped unscathed when some of the world’s best digital security consultants congregated at Pwn2Own, a hacking competition held during this week’s security-focused CanSecWest conference in Vancouver. The participants in the tournament found and demonstrated exploits in each browser during the event, while racking up cash prizes doled out for successful efforts.
According to PCWorld, this year’s big winner was French outfit Vupen, which zeroed in on vulnerabilities in several programs including a exploit that would allow an attacker to bypass Chrome’s security measures. Vupen also hacked their way into Internet Explorer 11, Firefox, Adobe Flash and Adobe Reader, with Chaouki Bekrar, the group’s founder, earning close to $400,000.
Meanwhile, infamous hacker George Hotz, AKA Geohot, demoed his ability to pull off a remote code execution exploit in Firefox. Various teams also showed off remote code execution exploits, which would permit an attacker to take control of their victim’s computer using browsers like Safari and IE, as well as commonly used software like Adobe Flash Player and Adobe Reader. All told, software-makers awarded $850,000 in prize money to competitors over the two-day competition.
Not everybody does it just for the cash, though. A charity-focused hacking tournament dubbed Pwn4Fun pitted Google security consultants against members of Hewlett-Packard’s DVLabs Zero Day Initiative, or ZDI. Between the IE vulnerabilities found by ZDI and the Safari exploits the Google team used, the pair managed to raise $82,500 for the Canadian Red Cross.
- Tesla Model 3 vulnerability exposed at Pwn2Own; hackers take home the car
- Researchers exploit flaws in two browsers installed on MacOS devices
- Researchers find serious exploits in Samsung, Apple and Huawei phones
- Microsoft Edge browser fails to fend off five attacks at Pwn2Own hacking event
- Hackers take over Touch Bar at this year’s Pwn2Own contest