One of the premier hacking contests is Pwn2Own, where security teams get together and see if they can break into the leading operating systems and web browsers. The 2017 version of Pwn2Own is now in the past, and Microsoft’s Edge is the loser.
Edge is an important browser for Microsoft, representing the next generation of Windows web browser that’s intended to take over from Internet Explorer. Microsoft has touted Edge as safer than Google’s Chrome and Mozilla’s Firefox, but Pwn2Own has thrown that assertion into doubt, as Tom’s Hardware reports.
At last year’s event, Chrome took home the prize by only suffering from one partial hack. Edge was in second place with two hacks, which edged out (no pun intended) both Microsoft’s own Internet Explorer and Safari. This year, on the other hand, Edge was hacked a full five times, due to a number of vulnerabilities in systems ranging from the Chakra Javascript engine to a bug in the Windows kernel.
By far the worst hack, however, was an exploit by the 360 Security team that actually managed to escape a virtual machine and attack its host, which had never happened at Pwn2Own. This kind of attack is particularly troublesome, given that one of the very reasons for running a virtual machine is to sandbox an environment and keep host machines safe.
The 360 Security team netted a cool $105,000 for the exploit. Other prizes included $80,000 for Team Ether’s Chakra exploit and $55,000 for Team Lance’s Windows kernel elevation hack. Of all the browsers, Edge was the most lucrative in terms of money awarded.
Safari was a bit more secure than Edge, with three hacks including one that provided root access to MacOS. Firefox made its way back to Pwn2Own after a yearlong hiatus, and its newly implemented sandbox technology helped it take second place with just two successful hacks. Chrome was again the event’s most secure browser, without a single successful hack against it and only one attempt.
While Pwn2Own doesn’t make any real attempt at fairness by ensuring that every browser is attacked an equal number of times, it’s obvious that Microsoft still has some work to do with Edge. Given its prominence in Windows 10, and the company’s commitment to making its latest OS the most dominant desktop environment ever, Edge needs to live up to Microsoft’s billing as the safest browser if it’s going to gain in market share.
