Skip to main content

Browsers go boom: Pwn2Own hackers take down Chrome, Firefox, & Internet Explorer

chrome-dead_dt
Image used with permission by copyright holder

Think the browser your just updated is safe? Nope. Time to pack up the Internet and go home – nowhere is safe anymore. Hackers from France and the UK have cracked Chrome, Firefox, and Internet Explorer and used them to take control of their host computers. The good news? This was only a test. 

The Pwn2Own competition held during the CanSecWest security conference in Vancouver, Canada, awards money to the fastest hackers, and, as you might expect, the hackers turn over their methods and information used to exploit the browsers’ weaknesses. According toZDNet, a French security firm, Vupen, took down both Internet Explorer 10 and Firefox, while MWR Labs, a UK-based security firm, took down Chrome. All of the browsers had recent updates and patches applied to them, so it was no different than the most recent updated version of the browser on your desktop.

Recommended Videos

So how did they do it? This is where it gets extra tech-speaky. Vupen announced on Twitter that they cracked Internet Explorer 10. “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass#Pwn2own.” In English: they used two previously unknown holes in Internet Explorer 10 to gain access to Windows 8 on a Surface Pro tablet.

As for how Vupen cracked Firefox, Venture Beat explains it as a method that “involves recalling memory that the browser had previously ‘freed,’ (user-after-free), after which they were able to mess with the technology that protects a computer system from letting bad code execute.”

As if it wasn’t enough that two browsers fell, MWR Labs was able to take down the newest version of Google’s browser, Chrome 25, which just received a bushel full of security updates and patches. Chrome was defeated on a Windows 7 machine by exploiting the sandbox feature of the browser, which, ironically, is supposed to keep your computer safer. 

So what happens now that three major browsers have been exposed as vulnerable? Microsoft, Mozilla, and Google take the hacker’s how-tos and use the information to patch security holes and end up with stronger, safer browsers. 

Meanwhile, other browsers and Web applications are also being put to the test at CanSecWest with somewhat better results. No one was able to crack Safari running in OS X 10.8 Mountain Lion. Additionally, Adobe Flash and Reader on Windows 7 both held up, though hackers at the conference are still working on taking those apps down today.

Lastly, the one app that got kicked around like an old can during the Pwn2Own competition was Java. It was cracked three different times, including once by Vupen. Be careful out there. 

Meghan McDonough
Former Contributor
Meghan J. McDonough is a Chicago-based purveyor of consumer technology and music. She previously wrote for LAPTOP Magazine…
Topics
Watch these AI humanoid robots play soccer like Mbappé … sort of
Humanoid robots playing soccer.

Watching these humanoid robots battle it out on the soccer field, you quickly realize that Kylian Mbappé and his fellow professionals really have little to worry about. At least, for now.

The footage (top) was captured last week in Beijing at the RoBoLeague World Robot Soccer League, China's first-ever three-on-three humanoid robot soccer league.

Read more
The robot takeover comes another step closer — at Amazon
An Amazon robot working inside one of the company's warehouses.

Amazon is close to having more robots operating inside its warehouses than humans after the e-commerce giant announced this week that it now has more than a million robots working at its facilities around the world.

Over the years, Amazon has spent billions of dollars on the development and deployment of warehouse-based robots, which handle an array of tasks once performed by human workers.

Read more
This Lenovo ThinkPad laptop is over $1,400 off — hurry while stocks last!
The Lenovo ThinkPad T14 Gen 5 Intel laptop on a white background.

Now's an excellent time to take advantage of laptop deals from Lenovo, which has slashed the prices of a wide range of devices for its Black Friday in July sale. Lenovo's ThinkPad laptops are up to 45% off, and here's one of the most interesting offers available with such a discount — the Lenovo ThinkPad T14 Gen 5 at $1,440 off its estimated value of $3,199, so you'll only have to pay $1,759. That's an excellent price for this fantastic productivity tool, but you're going to have to push forward with your purchase as soon as possible because stocks may run out at any moment.

BUY NOW

Read more