Browsers go boom: Pwn2Own hackers take down Chrome, Firefox, & Internet Explorer

chrome-dead_dt

Think the browser your just updated is safe? Nope. Time to pack up the Internet and go home – nowhere is safe anymore. Hackers from France and the UK have cracked Chrome, Firefox, and Internet Explorer and used them to take control of their host computers. The good news? This was only a test. 

The Pwn2Own competition held during the CanSecWest security conference in Vancouver, Canada, awards money to the fastest hackers, and, as you might expect, the hackers turn over their methods and information used to exploit the browsers’ weaknesses. According toZDNet, a French security firm, Vupen, took down both Internet Explorer 10 and Firefox, while MWR Labs, a UK-based security firm, took down Chrome. All of the browsers had recent updates and patches applied to them, so it was no different than the most recent updated version of the browser on your desktop.

So how did they do it? This is where it gets extra tech-speaky. Vupen announced on Twitter that they cracked Internet Explorer 10. “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass#Pwn2own.” In English: they used two previously unknown holes in Internet Explorer 10 to gain access to Windows 8 on a Surface Pro tablet.

As for how Vupen cracked Firefox, Venture Beat explains it as a method that “involves recalling memory that the browser had previously ‘freed,’ (user-after-free), after which they were able to mess with the technology that protects a computer system from letting bad code execute.”

As if it wasn’t enough that two browsers fell, MWR Labs was able to take down the newest version of Google’s browser, Chrome 25, which just received a bushel full of security updates and patches. Chrome was defeated on a Windows 7 machine by exploiting the sandbox feature of the browser, which, ironically, is supposed to keep your computer safer. 

So what happens now that three major browsers have been exposed as vulnerable? Microsoft, Mozilla, and Google take the hacker’s how-tos and use the information to patch security holes and end up with stronger, safer browsers. 

Meanwhile, other browsers and Web applications are also being put to the test at CanSecWest with somewhat better results. No one was able to crack Safari running in OS X 10.8 Mountain Lion. Additionally, Adobe Flash and Reader on Windows 7 both held up, though hackers at the conference are still working on taking those apps down today.

Lastly, the one app that got kicked around like an old can during the Pwn2Own competition was Java. It was cracked three different times, including once by Vupen. Be careful out there. 

Computing

Edit, sign, append, and save with 12 of the best PDF editors

There are plenty of PDF editors to be had online, and though the selection is robust, finding a solid solution with the tools you need can be tough. Here, we've rounded up best PDF editors, so you can edit no matter your budget or OS.
Mobile

Keep on clicking with the 10 best browsers for Android

Browsing the web on an Android device should not be a pain. Check out our picks for the best browsers for Android, so you can surf the web with greater ease and access a trove of unique features.
Computing

Common Chrome OS problems, and how to fix them

Is something irking you about Chrome OS? Find your problem on our list of bugs, issues, and general complaints about the OS, along with easy solutions to any issues that might arise.
Computing

Sending SMS messages from your PC is easier than you might think

Texting is a fact of life, but what to do when you're in the middle of something on your laptop or just don't have your phone handy? Here's how to send a text message from a computer, whether you prefer to use an email client or Windows 10.
Computing

How to change your Gmail password in just a few quick steps

Regularly updating your passwords is a good way to stay secure online, but each site and service has their own way of doing it. Here's a quick guide on how to change your Gmail password in a few short steps.
Computing

Having enough RAM is important, but stick to these guidelines to save some money

Although not quite as exciting as processors and graphics cards, RAM is one of the most important parts of your PC. Not having enough can hurt performance. So, how much RAM do you need?
Emerging Tech

Awesome Tech You Can’t Buy Yet: 1-handed drone control, a pot that stirs itself

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!
Computing

Need to combine a PDF? Here's how to get it done on both Windows and Mac

Sometimes juggling multiple files at once is more of a hassle than a convenience, especially when a single file would do. This quick guide will teach you how to combine PDF files on Windows, MacOS, or with online tools.
Computing

Need a free alternative to Adobe Illustrator? Here are our favorites

Photoshop and other commercial tools can be expensive, but drawing software doesn't need to be. This list of the best free drawing software is just as powerful as some of the more expensive offerings.
Deals

The best MacBook deals for November 2018

If you’re in the market for a new Apple laptop, let us make your work a little easier: We hunted down the best up-to-date MacBook deals available online right now from various retailers.
Deals

Bigger than Black Friday: Don’t miss the best Single’s Day deals

Thanks to AliExpress, Single's Day – the world's largest retail day – is no longer a foreign affair. If you're ready to do some early holiday shopping or want to score some discounts ahead of Black Friday, we've rounded up some of the…
Gaming

Got an NES Classic? Here’s how to hack it to play more than 700 games

The NES Classic is terrific for what it is, but Nintendo's discontinued device remains limited in what it can play. Here's how to hack your miniature console and render it compatible with more than 700 games.
Product Review

Long live the king! Dell’s new XPS 13 defends its throne with ease

The redesigned Dell XPS 13 doesn’t reinvent the laptop’s winning formula, but does offer much-needed tweaks including the latest Intel hardware and a thinner, lighter body. Is it enough to keep Dell’s laptop at the top of our ratings?
Mobile

Apple to boost its Amazon presence with listings for iPhones, iPads, and more

Apple is about to start offering more of its kit on Amazon. The tech giant currently only has very limited listings on the shopping site, but the deal will see the arrival of the latest iPhones, iPads, MacBooks, and more.