Stories
Slash Boxes
Comments

SoylentNews is people

All Four Major Browsers Take a Stomping at Pwn2Own Hacking Competition

posted by janrinok on Saturday March 21 2015, @11:02PM   Printer-friendly
from the lynx-FTW dept.

AnonTechie writes:

The annual Pwn2Own hacking competition wrapped up its 2015 event in Vancouver with another banner year, paying $442,000 for 21 critical bugs in all four major browsers, as well as Windows, Adobe Flash, and Adobe Reader.

The crowning achievement came Thursday as contestant Jung Hoon Lee, aka lokihardt, demonstrated an exploit that felled both the stable and beta versions of Chrome, the Google-developed browser that's famously hard to compromise. His hack started with a buffer overflow race condition in Chrome. To allow that attack to break past anti-exploit mechanisms such as the sandbox and address space layout randomization, it also targeted an information leak and a race condition in two Windows kernel drivers, an impressive feat that allowed the exploit to achieve full System access.

[Related]: http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2015-Day-Two-results/ba-p/6722884#.VQwyVuF7S_Y

 
This discussion has been archived. No new comments can be posted.
All Four Major Browsers Take a Stomping at Pwn2Own Hacking Competition | Log In/Create an Account | Top | 15 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Sunday March 22 2015, @02:13PM

    by Anonymous Coward on Sunday March 22 2015, @02:13PM (#161112)

    And how many of these attacks only work if scripting/plugins are enabled?

    More importantly, how many only work on Windows?

    EG, " it also targeted an information leak and a race condition in two Windows kernel drivers"