March 7, 2013

Chrome, Firefox, Java, IE10 exploited at Pwn2Own competition

Chrome, Firefox, Java, IE10 exploited at Pwn2Own competition

Chrome, Firefox, Java, IE10 EXPLOITED at Pwn2Own competition

During the first day of Pwn2Own competition at the CanSecWest conference in Vancouver , latest versions of all major browsers were exploited by hackers.

Chrome, Firefox and Internet Explorer 10 on Windows 8 were successfully pwned by various competitors, bringing them tens of thousands of dollars in prizes.

French vulnerability research and bug selling firm 'Vupen' brought down IE10 running on a Windows 8 powered Surface Pro tablet by exploiting a pair of flaws.

Researchers Jon Butler and Nils from MWR Labs managed to exploit Google Chrome on Windows 7 and also used a kernel bug to bypass the sandbox.

"By visiting a malicious webpage, it was possible to exploit a vulnerability which allowed us to gain code execution in the context of the sandboxed renderer process. We also used a kernel vulnerability in the underlying operating system in order to gain elevated privileges and to execute arbitrary commands outside of the sandbox with system privileges." they said. For this pwn they received $100,000 as reward.

The Java was also killed in Pwn2Own, Java cracked up to three times by three different hackers. Vupen also managed to exploit a vulnerability in Java, "Writing exploits in general is getting much harder. Java is really easy because there's no sandbox."

According to the participants, Chrome was the hardest target because of its sandbox and Java was the easiest target this year.