Every year, browser vendors tighten up the security features of their browsers ahead of the Pwn2own browser hacking competition in a bid to prevent exploitation and prove their browser is most secure. However, these efforts rarely impress the hackers in proving the fact that there is no such thing as a secure browser.
Browsers Hacked at Pwn2Own 2015 Event
The event, Pwn2Own hacking contest rewards hackers with an award money after finding vulnerabilities in every major Internet browser. The contest this year wrapped up successfully in Vancouver after demonstrating remote code execution exploits in 4 major browsers:
- Microsoft Internet Explorer
- Google Chrome
- Mozilla Firefox
- Apple Safari
All the popular, famously hard to compromise browsers fell prey to remote code execution exploits by the second day. A South Korean security researcher and serial browser hacker JungHoon Lee, known online as lokihardt managed to secure a whooping amount of US$225,000 in prize money and new laptop for exploiting Internet Explorer 11 and Google Chrome on Windows, Safari on Mac OS X.
Lee hacked the 64-bit Internet Explorer 11 with a time-of-check to time-of-use exploit that achieved read/write privileges. Before his day ended, he also hacked Apple’s Safari browser earning him $50,000. His accomplishment was particularly impressive since there was no helping hand available to him and he competed alone. Other researchers were teamed up.
Mozilla’s Firefox was hacked by Mariusz Mlynski by using a Windows flaw to gain SYSTEM privileges. The hack earned him a $25,000 bonus on top of the standard $30,000 payout for the Firefox hack.
During each of the challenges thrown before the hackers, the individuals and their teams had 30 minutes to demonstrate exploits on the various Windows and Mac OS targets. List of bugs discovered in the most used and popular browsers during the Pwn2Own hacking competition hosted by HP’s Zero Day Initiative and Google’s Project Zero is provided below.
- Google Chrome: 1 bug
- Apple Safari: 2 bugs
- Adobe Reader: 3 bugs
- Adobe Flash: 3 bugs
- Mozilla Firefox: 3 bugs
- Microsoft IE 11: 4 bugs
- Microsoft Windows: 5 bugs
- Tags: Browsers