News
News Categories

Microsoft Edge was successfully hacked more than any other browser at Pwn2Own hacking contest

By Koh Wanzi - on 21 Mar 2017, 11:20am

Microsoft Edge was successfully hacked more than any other browser at Pwn2Own hacking contest

Pwn2Own is an annual hacking contest where security teams get together and attempt to break into popular web browsers and operating systems. It is organized by Trend Micro’s Zero Day Initiative group, and aims to mimic a real-world zero-day market by offering cash prizes for hacks that successfully hijack PCs running fully patched versions of applications and other software.

Unfortunately for Microsoft Edge, it came away from the contest in a less than flattering light, having been successfully hacked the most times. Edge was hacked a total of five times, compared to three and a half breaches for Safari, one for Firefox, and zero for Chrome.

Chrome was the most secure browser last year as well, with only a partial successful hack.

To be sure, there was only one attempt to hack Chrome this year, which failed in the allotted time. In comparison, Edge had to fend off multiple attempts throughout the three-day contest. But while it’s possible that Chrome may have fared worse had more teams attacked it, or if they had been given more time, the fact remains that Edge isn’t as secure as Microsoft makes it out to be.

Microsoft built Edge as a worthy competitor to Chrome and Firefox that would support the latest web standards and offer better security than Internet Explorer. It even features sandboxing technologies similar to those used in Chrome, which technically gives it an edge (no pun intended) over Firefox.

However, this year’s hacks laid bare the vulnerabilities in systems stemming from things like the Windows kernel and the Chakra Javascript engine. That said, the most egregious hack was an exploit by Qihoo’s 360 security team that successfully hacked into Edge in a way that escapes the VMware Workstation virtual machine it was running in and compromises the host OS.  

This is particularly serious because the whole point of running a virtual machine is to sandbox an environment and make the host machine more secure. This exploit fetched the team a nice US$105,000 in prize money. Overall, Edge was also responsible for the most prize money being awarded.

Pwn2Own does not require every browser to be attacked an equal number of times, so that again raises questions of fairness. Nevertheless, a hack is a hack, and the results show that Microsoft still has work to do to make Edge more secure if it wants to become one of the leading browsers.

Source: Zero Day Initiative via Tom’s Hardware

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.