Browsers Take Exploit Hits

Thursday, March 7, 2013 @ 11:03 AM gHale

All major browsers came crashing down on the first day of the annual Pwn2Own contest in Vancouver.

Chrome, Firefox and Internet Explorer 10 on Windows 8 were all successfully attacked. In addition, considering all the issues it has had lately, it is no surprise the experts were also able to exploit Java vulnerabilities.

More than $500,000 is available in prize money from HP’s Zero Day Initiative (ZDI) for successful exploits in Chrome, IE 9 and 10, Firefox, and Safari. Exploits for Adobe’s Reader XI, Flash, and Java are also eligible for the cash payout. ZDI said it will purchase all exploits from contestants pre-registered for the contest.

Firefox fell to a use-after-free zero-day exploit that bypassed the browser’s Address Space Layout Randomization (ASLR) and the Data Execution Prevention (DEP) protection in Windows; security company Vupen discovered the vulnerability. Vupen researchers also compromised Internet Explorer 10 on a Surface Pro tablet running Windows 8, a feat that required several weeks to find the flaw in the browser and several more weeks to create an exploit that worked reliably.

Two researchers from MWR Labs successfully attacked Chrome using two vulnerabilities to bypass the Chrome sandbox on Windows. An additional kernel vulnerability discovered by MWR Labs gave the researchers the ability to execute arbitrary commands with system privileges once they had escaped the sandbox. Google is offering a prize of just over $3 million in the Pwnium contest for Chrome and Chrome OS that is running alongside Pwn2Own.

Vupen also exploited a vulnerability in Java, as did researchers from Accuvant Labs and Contextis. Praising Adobe’s effort to secure Flash and Reader, Chaouki Bekrar, Vupen’s chief executive, said, “Writing exploits in general is getting much harder. Java is really easy because there’s no sandbox.” He added that this was the reason attackers seem to be moving away from Flash exploits in favor of using Java holes.
