The Hackr

Microsoft’s Edge Browser Hacked Again at Pwn2Own

What is Pwn2Own?

‘Pwn2Own’ is an annual held computer hacking contest head here at CanSecWest security conference. Contestants are challenged to exploit widely used software and mobile devices with previously unknown vulnerabilities. The contest serves to demonstrate the vulnerability of devices or the software in widespread use also provides a checkpoint on the progress made in security field.

Contestants this year at Pwn2Own 2017, in Vancouver just pulled off an unusual feat by compromising Microsoft’s well known Edge browser in a way that it escapes a virtual machine running on VMware Workstation .

Who Achieved This Hack?

This was achieved by a team from Chinese security firm Qihoo 360 by exploiting Edge browser and chained together two more other vulnerabilities and picked up massive $105,000 prize amount.

So How Did They Achieve The Feat?

They succeeded the above hack by leveraging a heap overflow in Microsoft Edge, creating a kind of confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape. They backed it clearly in their blog post.

microsoft edge hacked

Another Exploit By Tencent Security

The second VMware Workstation escape was achieved by security analysts at Tencent Security. They succeeded the hack by chaining a Windows kernel use-after-free bug with a VMware Workstation info leak and an uninitialized buffer in VMware Workstation to go guest-to-host. They were also awarded with a whooping amount of $100,000 for chaining together second vulnerability.

Although finally, the two teams were able to escape from the Vmware Workstation virtual machines and stood one and two respectively in the Pwn2Own 2017 competition.

microsoft edge windows 10

 

It is also worth noting that Microsoft is well aware of the four zero-day vulnerabilities in it’s Edge and IE browsers that were being exploited in the wild.

It is known that Edge will also disable flash content upon the release of the Windows 10 creators update.

Sreehas

The hacking trend these days has definitely turned criminal because of e-commerce ¯\_(ツ)_/¯

Chat With Our Bot ☎️

IntroducingTheHackr Chatbot,now anyone can interact with our messenger bot and get daily crunches about Cyber-Security in just a clicks away!

up