Browsers Take a Beating at This Year’s Pwn2Own Contest

Hide your kids, hide your wives, because they be cracking all the browsers up in here. Not Chrome, not IE, nor Safari or Firefox could find a safe place to hide at HP’s annual Zero Day Initiative conference this year, where hackers from around the world took to their keyboards to show off their hacking skills and teach even the largest tech firms a lesson in how it feels to be humbled.

First on the chopping block was Apple’s Safari browser, which quickly fell to a technique developed by none other than engineers from Google that melted through a fully patched version of OSX Maverick like a hot knife through binary butter. According to representatives from the company the in-conference crack was more for show, as both firms had collaborated before the official event in order to get the holes patched up so no one could text a friend and own someone else’s Macbook by the time the final slide was presented.

HP was quick to bring the hubris though, as Chrome fell just as easily the next morning of the competition.

“[They used an] arbitrary read/write bug with a sandbox bypass resulting in code execution. Upon review, contest judges declared this a partial win due to one portion of the presentation’s collision with a vulnerability presented earlier at Pwnium.”

Team VUPEN of France were the stars of the conference, cracking everything from Chrome to IE in a nearly unstoppable show of skill and firewall-felling finesse. By the time all was said and done not a single browser, IE 11, Firefox 27, or Safari 7 made it out of Lecture Hall B without a couple bruises on the respective coding arms of their engineers.

HP paid out upwards of $850,000 for all the techniques showcased over the two-day crackathon, rewarding the white-hat hackers with lump sums of cold hard cash for their tireless, likely coffee-stained efforts.