Microsoft Edge Is The Most Hacked Browser At Pwn2Own 2017

The popular Pwn2Own 2017 hacking contest, which has celebrated its 10th anniversary, came to an end of their three days session in which various security teams have hacked away many browsers and operating systems. Microsoft’s Edge seems to have taken the highest number of hits, while Chrome remained unhackable during this contest.

Microsoft Losing Its Edge

Microsoft has created the Edge browser by rewriting the most of it from the scratch (some parts were even forked from Internet Explorer). The goal of the company was to have a browser which is much more secure and can keep up with Firefox and Chrome when it comes to supporting the latest web and internet standards. The Edge has even implemented sandboxing technologies which are similar to what the Chrome is using, which put it ahead of the Firefox. The Firefox is still trying to play catch-up in this game.

But, despite all these improvements in the code cleanness and the security technologies, it did not quite proven itself when it was faced with experienced hackers at contests like Pwn2Own. In last year’s edition of Pwn2Own, the Edge proved to be a little better than the Internet Explorer and the Safari, but it still ended up being hacked twice, while the Chrome is only hacked once.

The condition this year seems to have gotten worse rather than better, for Edge. In the last year’s Pwn2Own, the Microsoft’s browser was hacked more than five times.

On the first day, Team Ether (Tencent Security) was the first to hack Edge through an arbitrary write in the Chakra JavaScript engine. The team also used a logic bug in the sandbox to escape that, as well. The team got an $80,000 prize for this exploit.

On the second day, the Edge browser was attacked fast and furious by multiple teams. However, one was disqualified for using a vulnerability that was disclosed the previous day.

 

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients