Two researchers on Thursday successfully hacked the four major browsers, Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, and Apple Safari, at the Pwn2Own, the annual hacking contest in Vancouver.
In particular the Korean researcher Jung Hoon Lee earned $110,000 in just two minutes, the man used 2000 lines of code to take down both stable and beta versions of Chrome by exploiting a buffer overflow race condition in the browser.
Lee also hacked in the same day a 64-bit version of IE 11 exploiting a time-of-check to time-of-use (TOCTOU) vulnerability. The flaw exploited between the time a file property is checked and the time the file is used, allowed the research a privilege escalation. Lee awesome, because he closed the day exploiting a use-after-free vulnerability to take down Safari browser.
In just one day, Lee earned about $ 225,000 hacking the main browser. GREAT JOB!
Lee isn’t the unique expert that demonstrated the vulnerability of principal browsers. A researcher operating under the pseudonym ilxu1a hacked Mozilla browser. The researchers discovered an out-of-bounds read/write vulnerability through static analysis and by exploiting it he obtained a medium-integrity code execution. The same exploit did not work for Chrome.
In the following list are reported the list of bugs discovered in the principal browsers during the Pwn2Own hacking competition hosted by HP’s Zero Day Initiative and Google’s Project Zero:
The total amount of money paid to the researchers is $442,500 … I love the Pwn2Own competition because gives value to the knowledge and power to the research!
(Security Affairs – browser, Pwn2Own )
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
A cyber attack has been disrupting operations at Synlab Italia, a leading provider of medical…
Russia-linked APT28 group used a previously unknown tool, dubbed GooseEgg, to exploit Windows Print Spooler…
A financially motivated group named GhostR claims the theft of a sensitive database from World-Check…
Researcher demonstrated how to exploit vulnerabilities in the Windows DOS-to-NT path conversion process to achieve…
Japan's CERT warns of a vulnerability in the Forminator WordPress plugin that allows unrestricted file uploads…
This website uses cookies.
