Edge, Microsoft’s most secure browser, got hacked at Pwn2Own

2 minute read
microsoft edge hacked

Microsoft has stated countless times that Edge is the most secure browser its engineers have ever created. However, white hat hackers recently proved otherwise.

Pwn2Own is the world’s best-known hacking contest where many hackers gather together and try to identify and exploit software vulnerabilities. At this year’s edition, software solutions such as Oracle VirtualBox, Microsoft Hyper-V Client, Chrome, Safari, Edge, Firefox, Adobe Reader, Microsoft Outlook, and many more were available for hacking.

The winner of the 2018 Pwn2Own edition is Richard Zhu, a hacker who managed to break through Edge’s and Firefox’s security barriers.

Richard returned to target Microsoft Edge with a Windows kernel EoP […] After his first attempt failed, he proceeded to debug his exploit in front of the crowd while still on the clock. His second attempt nearly succeeded, but the target blue screened just as his shell started. His third attempt succeeded with only one minute and 37 seconds left. In the end, he used two use-after-free (UAF) bugs in the browser and an integer overflow in the kernel to successfully run his code with elevated privileges.

Zhu was rewarded $120,000 for his results.

Microsoft should soon roll out a patch

The Pwn2Own contest was organized by Trend Micro’s Zero Day Initiative (ZDI). The company then offered vendor representatives more details about the exploits that hackers used during the competition.

However, these vulnerability details are not yet available to the public as vendors have 90 days at their disposal to issue the corresponding patches.

In other words, Microsoft should soon release a patch targeting these recently revealed vulnerabilities.

Speaking of vulnerabilities, Microsoft recently launched a new bug bounty program that rewards you $250,000 to find security issues in its programs.

For more information on how to protect your Windows 10 computer against the latest cyber security threats, check out the guides listed below:

Next up

Windows 10 April Update will probably land on April, 30

By: Costea Lestoc
2 minute read

The next feature update targeting Windows 10 might be called Windows 10 April Update. This information originates in Microsoft Edge’s welcome page. In a server-side […]

Continue Reading

Windows 10 Lean/CloudE is a smaller version of Redstone 5

By: Costea Lestoc
2 minute read

There’s a new version of Windows in the works these days, and it may target low-specs devices. Microsoft is currently working on a cut down […]

Continue Reading

How to Schedule Automatic Shutdown in Windows 10

By: Ivan Jenic
3 minute read

Sometimes you might want to schedule certain tasks, especially if you don’t have enough time to do them manually. If you want to learn more […]

Continue Reading

Discussions