Down go Chrome, Firefox, IE 10, Java, Win 8 at Pwn2Own hacker fest

Chrome falls. (Image via MWRLabs)

Web browsers Google Chrome, Internet Explorer and Firefox, along with Windows 8 and Java, have been exploited in the Pwn2Own hacking contest in Canada.

Each attack at the CanSecWest conference in Vancouver, British Columbia used zero-day vulnerabilities on fully patched Windows 7, Windows 8 and OS X Mountain Lion operating systems with default configurations. Pwn2Own is run by HP's DVLabs Zero Day Initiative.

Firefox was popped with a use-after-free vulnerability and a new technique that bypasses Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) exploit-prevention functionality in Windows, French vulnerability firm and exploit seller Vupen said.

Windows 8 also fell to Vupen researchers, who cracked Microsoft's Surface Pro tablet using two Internet Explorer zero-day vulnerabilities and a sandbox bypass.  

Java, meanwhile, fell to Accuvant Labs' Josh Drake, Contextis' James Forshaw and Vupen, which broke the platform by finding a heap overflow. 

MWRLabs researchers "Nils" and Jon Butler chalked up a reliable sandbox bypass exploit against zero-day vulnerabilities in Chrome. The attack was made by pointing the browser running on an updated Windows operating system to a malicious web page, which granted code execution in the "sandbox rendering" process.

The pair also found a kernel vulnerability that permitted arbitrary command execution outside of the sandbox with system privileges.

More than half a million dollars was up for grabs at Pwn2Own. Researchers could earn $100,000 for popping Chrome on Windows 7; the same for hacking Internet Explorer 10 on Win 8; $75,000 for ripping up IE9 on Win 7; $60,000 for owning Firefox on Win 7; and $65,000 for exploiting Apple Safari on OS X Mountain Lion.

Owning IE9 plug-ins on Win 7 attracted $70,000 for Adobe Reader XI, $70,000 for Adobe Flash and $20,000 for Java.

Google will offer a whopping $3.14 million at its sister Pwnium contest, which runs alongside Pwn2Own. The attacks will occur on a WiFi Samsung Series 5 550 Chromebook running an updated stable version of Chrome OS.

The cash pool will be divided into $110,000 for a browser or system level compromise in guest mode or as a logged-in user, delivered via a web page; and $150,000 for a compromise with device persistence – guest to guest with interim reboot, delivered via a web page.

Google shored up Chrome's defenses in the lead-up to the hacking contest, with 10 patches that addressed six high-severity flaws.

A major reason that Google launched its own contest, which premiered at last year's CanSecWest, and dropped support for Pwn2Own was so that it could guarantee it would receive details surrounding the exploits. The Pwn2Own contest doesn't require researchers to submit "sandbox escape" information to affected vendors.

This story originally appeared on
