Popular Browsers hacked at Pwn2Own 2015 Event

Every year, browser vendors tighten up the security features of their browsers ahead of the Pwn2own browser hacking competition in a bid to prevent exploitation and prove their browser is most secure. However, these efforts rarely impress the hackers in proving the fact that there is no such thing as a secure browser.

HP zero day

Browsers Hacked at Pwn2Own 2015 Event

The event, Pwn2Own hacking contest rewards hackers with an award money after finding vulnerabilities in every major Internet browser. The contest this year wrapped up successfully in Vancouver after demonstrating remote code execution exploits in 4 major browsers:

  1. Microsoft Internet Explorer
  2. Google Chrome
  3. Mozilla Firefox
  4. Apple Safari

All the popular, famously hard to compromise browsers fell prey to remote code execution exploits by the second day. A South Korean security researcher and serial browser hacker JungHoon Lee, known online as lokihardt managed to secure a whooping amount of US$225,000 in prize money and new laptop for exploiting Internet Explorer 11 and Google Chrome on Windows, Safari on Mac OS X.

Lee hacked the 64-bit Internet Explorer 11 with a time-of-check to time-of-use exploit that achieved read/write privileges. Before his day ended, he also hacked Apple’s Safari browser earning him $50,000. His accomplishment was particularly impressive since there was no helping hand available to him and he competed alone. Other researchers were teamed up.

Mozilla’s Firefox was hacked by Mariusz Mlynski by using a Windows flaw to gain SYSTEM privileges. The hack earned him a $25,000 bonus on top of the standard $30,000 payout for the Firefox hack.

During each of the challenges thrown before the hackers, the individuals and their teams had 30 minutes to demonstrate exploits on the various Windows and Mac OS targets. List of bugs discovered in the most used and popular browsers during the Pwn2Own hacking competition hosted by HP’s Zero Day Initiative and Google’s Project Zero is provided below.

  • Google Chrome: 1 bug
  • Apple Safari: 2 bugs
  • Adobe Reader: 3 bugs
  • Adobe Flash: 3 bugs
  • Mozilla Firefox: 3 bugs
  • Microsoft IE 11: 4 bugs
  • Microsoft Windows: 5 bugs

Download this VPN to secure all your Windows devices and browse anonymously
Posted by with Tags
The author Hemant Saxena is a post-graduate in technology and has an immense interest in following Microsoft and other technology developments around the world. Quiet by nature, he is an avid Lacrosse player.