Major browsers fall prey during hacking contest
Major web browsers were successfully hacked by security researchers who demonstrated the zero-day exploits in the sites during the second day of the Pwn2Own hacking competition in Vancouver.
The researchers were able to exploit the bugs in Google Chrome, Microsoft Internet Explorer, Apple Safari, Mozilla Firefox and Adobe Flash Player.
According to PC World, a team from French vulnerability research firm Vupen hacked Google Chrome by exploiting a use-after-free vulnerability that affects both the WebKit and Blink rendering engines.
Researchers were also able to hack Chrome's sandbox protection to execute arbitrary code on the underlying system.
The report said that the same team of researchers was able to hack Internet Explorer 11, Firefox, Flash Player and Adobe Reader during the first day of the event.
All the vulnerabilities exploited during Pwn2Own were shared with the vendors of the affected products.
During a side challenge dubbed Pwn4Fun, security researchers from Google competed against researchers from Hewlett-Packard's DVLabs Zero Day Initiative (ZDI), in which the Google team hacked Apple Safari and the ZDI team hacked IE11 by combining multiple exploits, the report added.
(Posted on 16-03-2014)