Skip to main content
  1. Home
  2. Computing
  3. Legacy Archives

Browsers go boom: Pwn2Own hackers take down Chrome, Firefox, & Internet Explorer

Add as a preferred source on Google
chrome-dead_dt
Image used with permission by copyright holder

Think the browser your just updated is safe? Nope. Time to pack up the Internet and go home – nowhere is safe anymore. Hackers from France and the UK have cracked Chrome, Firefox, and Internet Explorer and used them to take control of their host computers. The good news? This was only a test. 

The Pwn2Own competition held during the CanSecWest security conference in Vancouver, Canada, awards money to the fastest hackers, and, as you might expect, the hackers turn over their methods and information used to exploit the browsers’ weaknesses. According toZDNet, a French security firm, Vupen, took down both Internet Explorer 10 and Firefox, while MWR Labs, a UK-based security firm, took down Chrome. All of the browsers had recent updates and patches applied to them, so it was no different than the most recent updated version of the browser on your desktop.

Recommended Videos

So how did they do it? This is where it gets extra tech-speaky. Vupen announced on Twitter that they cracked Internet Explorer 10. “We’ve pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass#Pwn2own.” In English: they used two previously unknown holes in Internet Explorer 10 to gain access to Windows 8 on a Surface Pro tablet.

As for how Vupen cracked Firefox, Venture Beat explains it as a method that “involves recalling memory that the browser had previously ‘freed,’ (user-after-free), after which they were able to mess with the technology that protects a computer system from letting bad code execute.”

As if it wasn’t enough that two browsers fell, MWR Labs was able to take down the newest version of Google’s browser, Chrome 25, which just received a bushel full of security updates and patches. Chrome was defeated on a Windows 7 machine by exploiting the sandbox feature of the browser, which, ironically, is supposed to keep your computer safer. 

So what happens now that three major browsers have been exposed as vulnerable? Microsoft, Mozilla, and Google take the hacker’s how-tos and use the information to patch security holes and end up with stronger, safer browsers. 

Meanwhile, other browsers and Web applications are also being put to the test at CanSecWest with somewhat better results. No one was able to crack Safari running in OS X 10.8 Mountain Lion. Additionally, Adobe Flash and Reader on Windows 7 both held up, though hackers at the conference are still working on taking those apps down today.

Lastly, the one app that got kicked around like an old can during the Pwn2Own competition was Java. It was cracked three different times, including once by Vupen. Be careful out there. 

Meghan McDonough
Former Contributor
Meghan J. McDonough is a Chicago-based purveyor of consumer technology and music. She previously wrote for LAPTOP Magazine…
Topics
Intel may bring back older desktop CPUs because DDR5 is getting too expensive
Older Intel Core CPUs from 10th to 14th Gen may get a second life
Intel Core i5-12400F box sitting in front of a gaming PC.

Intel may be preparing an unusual response to the ongoing memory crunch. According to Chinese outlet ITHome, citing ChannelGate, the company’s latest production plan includes restarting production of 13th-gen and 14th-gen Core processors.

The move is expected to increase supply across Intel’s 10th, 12th, 13th, and 14th Gen CPU families, especially in mainland China. For DIY PC builders, the timing is important. DDR5 memory prices have climbed sharply, making newer platforms harder to justify for anyone trying to build an affordable gaming PC.

Read more
Amazon wants to design in-house chips for Kindles, Fire TV, and Echo speakers
Apple did it first. Amazon is doing it now, starting with 40 million chips a year and a partner most people have never heard of.
Amazon Kindle Scribe dark mode featured image.

Apple's decision to design its own chips reshaped the consumer electronics industry. Amazon may be about to make the same call, just about two decades later.

Supply chain analyst Ming-Chi Kuo reports that Amazon is preparing to shift away from externally sourced processors for its consumer electronics lineup, marking what he describes as the company's first major processor procurement change in 20 years. The transition is expected to begin in 2027.

Read more
AI wants to summarize it all. TripAdvisor’s misleading reviews show AI will also ruin your travel plans
Spotless, friendly, and totally wrong. AI summaries are hiding the reviews that actually matter.
Tripadvisor logo on MacBook

Planning a trip is stressful enough without wondering if the glowing hotel summary you just read was written by an AI that skipped the scary parts. As it turns out, that might be exactly what's happening on TripAdvisor.

According to an investigation by consumer group Which?, reported by the Guardian, TripAdvisor's AI-generated review summaries are smoothing over serious guest complaints, and in some cases, downright dangerous ones.

Read more