Browsers go boom: Pwn2Own hackers take down Chrome, Firefox, & Internet Explorer

chrome-dead_dt

Think the browser your just updated is safe? Nope. Time to pack up the Internet and go home – nowhere is safe anymore. Hackers from France and the UK have cracked Chrome, Firefox, and Internet Explorer and used them to take control of their host computers. The good news? This was only a test. 

The Pwn2Own competition held during the CanSecWest security conference in Vancouver, Canada, awards money to the fastest hackers, and, as you might expect, the hackers turn over their methods and information used to exploit the browsers’ weaknesses. According toZDNet, a French security firm, Vupen, took down both Internet Explorer 10 and Firefox, while MWR Labs, a UK-based security firm, took down Chrome. All of the browsers had recent updates and patches applied to them, so it was no different than the most recent updated version of the browser on your desktop.

So how did they do it? This is where it gets extra tech-speaky. Vupen announced on Twitter that they cracked Internet Explorer 10. “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass#Pwn2own.” In English: they used two previously unknown holes in Internet Explorer 10 to gain access to Windows 8 on a Surface Pro tablet.

As for how Vupen cracked Firefox, Venture Beat explains it as a method that “involves recalling memory that the browser had previously ‘freed,’ (user-after-free), after which they were able to mess with the technology that protects a computer system from letting bad code execute.”

As if it wasn’t enough that two browsers fell, MWR Labs was able to take down the newest version of Google’s browser, Chrome 25, which just received a bushel full of security updates and patches. Chrome was defeated on a Windows 7 machine by exploiting the sandbox feature of the browser, which, ironically, is supposed to keep your computer safer. 

So what happens now that three major browsers have been exposed as vulnerable? Microsoft, Mozilla, and Google take the hacker’s how-tos and use the information to patch security holes and end up with stronger, safer browsers. 

Meanwhile, other browsers and Web applications are also being put to the test at CanSecWest with somewhat better results. No one was able to crack Safari running in OS X 10.8 Mountain Lion. Additionally, Adobe Flash and Reader on Windows 7 both held up, though hackers at the conference are still working on taking those apps down today.

Lastly, the one app that got kicked around like an old can during the Pwn2Own competition was Java. It was cracked three different times, including once by Vupen. Be careful out there. 

Computing

Intel Command Center lays foundation for next year’s ‘Arctic Sound’ GPU

Intel revealed its new Command Center driver software at GDC 2019. The updated interface will control current Intel integrated graphics and also lays the groundwork for next year's Intel video card.
Computing

Delete tracking cookies from your system by following these quick steps

Cookies are useful when it comes to saving your login credentials and other data, but they can also be used by advertisers to track your browsing habits across multiple sites. Here's how to clear cookies in the major browsers.
Computing

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.
Computing

Pinning websites to your taskbar is as easy as following these quick steps

Would you like to know how to pin a website to the taskbar in Windows 10 in order to use browser links like apps? Whichever browser you're using, it's easier than you might think. Here's how to get it done.
Computing

Windows updates shouldn't cause problems, but if they do, here's how to fix them

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.
Web

How much!? British Airways glitch results in $4.2M quote for family vacation

Website errors sometimes cause flight prices to display at way below the correct price. But British Airways recently experienced the opposite issue when it tried to charge a family more than $4 million for a vacation in Mexico.
Product Review

Acer Predator Triton 500 review

Nvidia’s new RTX 2080 Max-Q is the fastest GPU you’ll find in any laptop, but it usually comes at a steep price. Acer’s Predator Triton 500, starting at $2,500, makes it a little more affordable. But what must you sacrifice in the…
Computing

G-Sync and FreeSync can make your games look better, but which is best?

There are some subtle differences between the two adaptive refresh technology offerings, and they affect cost, performance, and compatibility. Nvidia may have released it's feature first, but in recent years AMD has stepped up to the plate…
Computing

Problems with installing or updating Windows 10? Here's how to fix them

Upgrading to the newest version of Windows 10 is usually a breeze, but sometimes you run into issues. Never fear though. Our guide will help you isolate the issue at hand and solve it in a timely manner.
Computing

Get the Surface Pro 6, with keyboard included, for $1,000 at Microsoft

Thinking of buying a Surface Pro 6? Microsoft is currently running a deal on its latest Windows 2-in-1, letting you bring one home for $1,000 with the keyboard included in the price.
Computing

T-Mobile goes after big cable companies, pilots wireless home internet service

In a shot at big cable companies, T-Mobile is launching a new pilot program to bring an unlimited wireless LTE home internet service to up to 50,000 homes across the United States by the end of 2019.
Mobile

Type away on the best iPad keyboard cases, from the Mini to the Pro

Whether you're looking to replace your laptop with a tablet or merely want to increase your typing speed, a physical iPad keyboard is the perfect companion to the iPad. Check out our top picks for every available iPad model.
Computing

Tablet or notebook? Our favorite 2-in-1 PCs give you the best of both worlds

If you can’t decide if you need a tablet or a notebook, then don’t bother. The best 2-in-1 laptops are both, and they can provide all the power you need. Check out our list for the best 2-in-1s for any user.
Computing

How the Google Stadia could lead to a new era of multi-GPU gaming

Google's Stadia could use more than one graphics card to deliver the high-performance visuals it's promised. If that leads to better developer support for multi-GPUs, could that mean gaming with two or more graphics cards could finally be…