Microsoft Edge browser most hacked at Pwn2Own 2017

Posted on Wednesday, Mar 22 2017 @ 14:56 CET by Thomas De Maesschalck
MS logo
Tom's Hardware reports Microsoft's Edge browser was the most leaky browser at the Pwn2Own 2017 hacking contest. Despite being designed from ground-up to make it more secure, the Edge browser got hacked five times at this year's Pwn2Own event, which is more than the two hacks it got last year. Google's Chrome browser on the other hand remained unhackable during the contest, while Firefox saw one successful hack.

The most impressive Edge security vulnerability managed to compromise not only Edge, but also achieved a complete virtual machine escape!
The most impressive exploit by far, and also a first for Pwn2Own, was a virtual machine escape through an Edge flaw by a security team from “360 Security.” The team leveraged a heap overflow bug in Edge, a type confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape.

The team hacked its way in via the Edge browser, through the guest Windows OS, through the VM, all the way to the host operating system. This impressive chained-exploit gained the 360 Security team $105,000.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments