Microsoft decided against updating Internet Explorer 8 ahead of Pwn2Own, presumably because it would have come outside of the company's traditional patch cycle. IE8 also fell to its first attacker, Stephen Fewer of Harmon Security. Fewer reportedly used three separate vulnerabilities to escape Protected Mode and bypass ASLR and DEP on Windows 7, something event organizer Aaron Portnoy hasn't seen before at Pwn2Own. Fewer also won $15,000 and the compromised system.
Despite Google's hefty $20,000 prize, no one has even attempted to hack Chrome. Only two parties registered for Chrome but the first contestant was a no-show and the second team wanted to focus on their BlackBerry vulnerability. The $20,000 offering only applied to the first day, but someone could still win $10,000 if they successfully exploit the browser before the event ends on March 11. Hackers will try their hand at Firefox and various mobile platforms today and tomorrow.