Edge, Microsoft’s most secure browser, got hacked at Pwn2Own

2 minute read
microsoft edge hacked

Home » News » Edge, Microsoft’s most secure browser, got hacked at Pwn2Own

Microsoft has stated countless times that Edge is the most secure browser its engineers have ever created. However, white hat hackers recently proved otherwise.

Pwn2Own is the world’s best-known hacking contest where many hackers gather together and try to identify and exploit software vulnerabilities. At this year’s edition, software solutions such as Oracle VirtualBox, Microsoft Hyper-V Client, Chrome, Safari, Edge, Firefox, Adobe Reader, Microsoft Outlook, and many more were available for hacking.

The winner of the 2018 Pwn2Own edition is Richard Zhu, a hacker who managed to break through Edge’s and Firefox’s security barriers.

Richard returned to target Microsoft Edge with a Windows kernel EoP […] After his first attempt failed, he proceeded to debug his exploit in front of the crowd while still on the clock. His second attempt nearly succeeded, but the target blue screened just as his shell started. His third attempt succeeded with only one minute and 37 seconds left. In the end, he used two use-after-free (UAF) bugs in the browser and an integer overflow in the kernel to successfully run his code with elevated privileges.

Zhu was rewarded $120,000 for his results.

Microsoft should soon roll out a patch

The Pwn2Own contest was organized by Trend Micro’s Zero Day Initiative (ZDI). The company then offered vendor representatives more details about the exploits that hackers used during the competition.

However, these vulnerability details are not yet available to the public as vendors have 90 days at their disposal to issue the corresponding patches.

In other words, Microsoft should soon release a patch targeting these recently revealed vulnerabilities.

Speaking of vulnerabilities, Microsoft recently launched a new bug bounty program that rewards you $250,000 to find security issues in its programs.

For more information on how to protect your Windows 10 computer against the latest cyber security threats, check out the guides listed below:

Discussions

Next up

How to fix Steam browser error 137 [QUICK FIX]

Emmanuel Johnson avatar. By: Emmanuel Johnson
2 minute read

Steam is the most popular gaming platform on PC, but many users reported Steam browser error 137 while using Steam. This error can prevent you […]

Continue Reading

Edge’s SmartScreen is sending your personal data to Microsoft

Vlad Turiceanu By: Vlad Turiceanu
2 minute read

Security issues and shared data were always problems that affected Windows 10 and Microsoft Edge users. Many of them expressed their concerns over the years […]

Continue Reading

Your computer may be sending automated queries [FIXED]

Emmanuel Johnson avatar. By: Emmanuel Johnson
2 minute read

Many users reported Your computer may be sending automated queries while using Google. This issue can be annoying since it will force you to fill […]

Continue Reading