Whether you’re talking about Chrome, Firefox, Internet Explorer, or Safari, none of your favorite browsers escaped unscathed when some of the world’s best digital security consultants congregated at Pwn2Own, a hacking competition held during this week’s security-focused CanSecWest conference in Vancouver. The participants in the tournament found and demonstrated exploits in each browser during the event, while racking up cash prizes doled out for successful efforts.
According to PCWorld, this year’s big winner was French outfit Vupen, which zeroed in on vulnerabilities in several programs including a exploit that would allow an attacker to bypass Chrome’s security measures. Vupen also hacked their way into Internet Explorer 11, Firefox, Adobe Flash and Adobe Reader, with Chaouki Bekrar, the group’s founder, earning close to $400,000.
Meanwhile, infamous hacker George Hotz, AKA Geohot, demoed his ability to pull off a remote code execution exploit in Firefox. Various teams also showed off remote code execution exploits, which would permit an attacker to take control of their victim’s computer using browsers like Safari and IE, as well as commonly used software like Adobe Flash Player and Adobe Reader. All told, software-makers awarded $850,000 in prize money to competitors over the two-day competition.
Not everybody does it just for the cash, though. A charity-focused hacking tournament dubbed Pwn4Fun pitted Google security consultants against members of Hewlett-Packard’s DVLabs Zero Day Initiative, or ZDI. Between the IE vulnerabilities found by ZDI and the Safari exploits the Google team used, the pair managed to raise $82,500 for the Canadian Red Cross.