IE8, Safari, iPhone Easy Pickings for Hackers

Dennis Faas's picture

For the third year in a row, Google's Chrome web browser has put in an impressive performance at the Pwn2Own hacking challenge. Indeed, after two days nobody had even attempted to breach the browser's security, despite an increased reward of $5,000.

The contest involves hackers attempting to exploit security loopholes on the four major web browsers (Chrome, Firefox, Internet Explorer and Safari) to win a $15,000 prize, along with the computer used for the challenge -- hence the contest name.

Contestants are allowed to give judges a website address to visit, simulating the process of a web user clicking on a bogus link, one of the most common ways of spreading malicious software.

$5,000 Bonus for Google Chrome Hack

This year Google was so confident it offered to put up half the cash if the prize for cracking Chrome was increased to $20,000.

The offer only applied for the first of the four days of the challenge and was reliant on the attack specifically exploiting a vulnerability in Google's own code. For the rest of the contest the standard prize applied, but did allow contestants to target a third-party vulnerability through an add-on feature, known in Chrome as an extension. (Source:

Not only was the $5,000 bonus unclaimed, but with one day remaining in the competition (at the time of this writing), it appears nobody is even going to try. Of two teams of contestants who'd said they would target Chrome, one didn't turn up while the other concentrated on a separate category for smartphone operating systems.

Apple Safari, iPhone, Internet Explorer Easily Blitzed

Both Safari and Internet Explorer were breached on the first day of the contest. The iPhone and Blackberry were hacked on the second day. (Source:

Unfortunately for Apple, which issues a major security patch just before the contest began (in what was seen as an attempt to shore up the browser's defenses), Safari lasted just five seconds. (Source:

Internet Explorer was also compromised, though Microsoft's release schedule meant it was version 8 that was under attack at the contest, rather than Internet Explorer version 9, which isn't scheduled to be officially released until after the contest has ended.

So far, Firefox has avoided the hackers' clutches despite some attempts. If it survives the final day (March 11), it will be a major publicity boost for developers Mozilla.

Rate this article: 
No votes yet