SHARE

As you know that the Pwn2Own 2013 Competition has started at the CanSecWest and on the First day A news came by which everyone was in Trouble that all Major Browsers has been Exploited on First day , Browsers which are Included are:-

  • Chrome

  • Firefox

  • Internet Explorer 10

They all are Pwned by Various Competitors and they won tens of thousands of dollars in prizes. 

Which browser is hacked by whom and how?

  • Chrome Exploited by MWR Labs

We showed an exploit against previously undiscovered vulnerabilities in Google Chrome running on a modern Windows-based laptop. By visiting a malicious webpage, it was possible to exploit a vulnerability which allowed us to gain code execution in the context of the sandboxed renderer process. We also used a kernel vulnerability in the underlying operating system in order to gain elevated privileges and to execute arbitrary commands outside of the sandbox with system privileges. You can read Full details from MWR Labs from here

  • IE10 Exploited by VUPEN

The full exploit we have used at Pwn2own 2012 was a combination of this specific vulnerability (CVE-2012-1876), which is now patched (as part of the MS12-037 bulletin), and another zero-day vulnerability which allowed us to bypass the IE sandbox (Protected Mode). This latter exploit will not be covered here, as it is still unpatched.

Technical Analysis of the Vulnerability

This critical vulnerability was present in all versions of Microsoft Internet Explorer including IE10 on Windows 8. It results from a heap overflow error which can be triggered with the following piece of code: Read Full details from here

Vupen also managed to exploit a vulnerability in Java, “Writing exploits in general is getting much harder. Java is really easy because there’s no sandbox.”

All Participants were saying that this time Chrome was the Hardest and Java was the Easiest Target this time

Related articles

Enhanced by Zemanta

NO COMMENTS

LEAVE A REPLY

This site uses Akismet to reduce spam. Learn how your comment data is processed.