Major browsers fall on day one of Pwn2Own, Chrome survives

By Jos · 34 replies
Mar 25, 2010
  1. For the fourth consecutive time in as many years, three of the most common web browsers have been successfully exploited on day one of Pwn2Own. The annual contest is sponsored by security firm TippingPoint, which challenges hackers and security researchers to attack devices running fully up-to-date versions of the latest browsers and operating systems, and then shares the details with the respective software vendors so they can work on patches.

    Read the whole story
  2. SNGX1275

    SNGX1275 TS Forces Special Posts: 10,742   +422

    Sucks that Opera wasn't one of the browsers.
  3. Yeah, I believe they limit it to real browsers only...
  4. If you are implying that Opera isn't a real browser, then you clearly aren't very savvy or a mobile browser user. Opera's Mobile browser is top-notch.
  5. Burty117

    Burty117 TechSpot Chancellor Posts: 3,147   +915

    Opera is a real browser but probably more hackable than we think. So Opera refuse to have it show in the tests and make them look bad.

    Proud to see firefox in there though! Although was expecting it to be hacked more than just a memory corruption flaw.
  6. Fishingelbow

    Fishingelbow TS Rookie

    Opera not a "real" browser...

    Right! It's not full of holes requiring patches every other day! :haha:
  7. TomSEA

    TomSEA TechSpot Chancellor Posts: 2,718   +860

    Lovely...a real vote of confidence for security through our browsers.
  8. Chrome is intriguing, seems to be emerging as a real player among browsers.

    For most of my clients I'm still backing Firefox. In particular, their responses to vulnerabilities remain gratifyingly quick.
  9. Opera is a very good browser and has continuously been at the top of the security charts for years.
  10. compdata

    compdata TechSpot Paladin Posts: 529   +7

    ouch. Doesn't exactly make me feel safe browsing :p
  11. 9Nails

    9Nails TechSpot Paladin Posts: 1,215   +177

    Do they mention if these browsers had plug-ins installed? I seem to recall some previous competitions like this where I.E. and Firefox withstood the attack initially. Then some plug-in's were added to the competition where the winner exploited Quicktime security holes and was then able to compromise the computer.
  12. EXCellR8

    EXCellR8 The Conservative Posts: 1,835

    At this point IE shouldn't even be in the contest...
  13. Too bad Chrome sucks memory like a back-alley hooker.

    The same 10 webpages opened in separate tabs and total memory used:

    IE 8 = 200MB
    FF 3.6 = 240MB
    Chrome 4.1 = 750MB
  14. T77

    T77 TS Enthusiast Posts: 300   +6

    opera is one of the best out there.i wonder why it was not present.
    i wouldn't be surprised if IE wasn't there,it doesn't matter much if it was many people out there use IE8? more and more users are switching to FF,chrome and opera.
    we have to use IE rarely,only when some site would not support chrome,opera...
  15. Badfinger

    Badfinger TS Rookie Posts: 155

    Opera I tried many times, never stuck, but I do have 10.10 installed.
    Opera is a very good browser, I am just a long term Firefox user, and try as I might, none of the new kids keep my attn for very long.

    M$ can cram IE where the sun don't shine, I will never use that thing on purpose, unless there is no other option.

    I started using Firefox around beta .92, so it has been a while, now at 3.6.2
  16. Clrabbit

    Clrabbit TS Rookie Posts: 90

    To be honest I actually like Opera's low usage it in terms mean less stuff is made to Explote it sense such a small user base uses it. Kind of like using some rare-distro of linux secure by obscurity.

    I always worry every time Opera dose something big to attract a bunch of new people.

    I've used Chome a couple of times but you know The ad, code and content blocking is just so lacking. Then again from Googles stand point it's not a good thing when too many people are blocking all you're ads.. Infect the only time I have even ever seen a Adsense ad was when I was using Chrome on some body else's computer.... It was rather strange and disorienting to see so many ads on the Internet. lol
  17. megrawab

    megrawab TS Rookie Posts: 93

    Wow. Chrome is developed very well... Too bad Opera was not included... Atleast it didn't upset me.. Opera is still the best for me then chrome... Where can I study hacking ? ....
  18. LightHeart

    LightHeart TS Rookie Posts: 155


    I read a comment on a web site that Chrome was recently patched before the contest. That is a week before the contest new patches were applied. The other software in the contest had versions that were not patched in several weeks. The point being hackers had more time to work through flaws with the other software.
  19. Burty117

    Burty117 TechSpot Chancellor Posts: 3,147   +915

    Almost everyone above me, why do you all seem afraid of your Browser being hacked?? i know its a possiblity but really only when you navigate to a dodgy website. How many of you visit the most vile porn everyday?

    Honestly I haven't had an anti-virus installed for the last couple of years and my browser has always been FF yet I have not yet been infected! and its nice not to have some stupid anti-virus running in the background take resources for nothing.

    The people in this test as stated by LightHeart all got to start hacking the software weeks in advance.

    I actually feel safer knowing FF only has a memory corruption issue rather than IE which can be hacked within minutes and the entire computer taken control of!
  20. @ Burty, dodgy websites and porn are not the only places you get hacked. Ever click on a "google" right sidebar ad? Got a virus from a $99 cruise ad that could not be gotten rid of. Had to reformat my HD.
  21. Burty117

    Burty117 TechSpot Chancellor Posts: 3,147   +915

    No! i never have, your the ***** who clicked on the ads! I have never clicked on an ad on the internet I will never click on an ad. sure i'll read them but why would you ever trust something that says "£99 cruise" on it? its obviously a lie!

    And another thing, I ONLY use google to search and to find places via Maps. I will never click on there sponsored sites I will never click on a link that doesn't go to a popular site. its just asking for trouble.

    I believe that fair enough browsers are not the greatest piece of coding ever made but its better than than we all give it credit for.

    Most people like Guest here just seem to be a little bit thick and click on adverts and visit sites with names that are obviously going to contain virus's or . . . "ooooww! that looks like a good deal! i can fly half way across the world and they'll pay for the flight!" its obviously fake! why are you clicking on it??

    its not browsers that are insecure, its the person using it.
  22. poertner_1274

    poertner_1274 secroF laicepS topShceT Posts: 4,172

    Definitely a shame not to see how Opera stacks up to this competition. I would like to see what flaws are out there and see them patched.

    Opera is by far my favorite browser, and have been using it since its inception.
    Please do not ask about hacking sites. That is not supported here at TechSpot.
  23. captaincranky

    captaincranky TechSpot Addict Posts: 13,023   +2,556

    You're the best Burty, I guess that's why you feel the need to tell us over and over again.
    Ya know, after being here listening to dueling fanbois spout "truisms" like, "my browser's better than your browser", or maybe, "AMD's better than Intel", (and of course vice versa), porn is like a breath of fresh air.

    See, this is the just reward for taking the moral high ground, unfortunately, so is extreme boredom.

    Try and keep in mind though, that's what system resources are for, to be used.

    My current system lists (on average) 3.5 GBs of RAM with about 2-4 % CPU usage. Wouldn't want to tax that, now would I?
  24. Burty117

    Burty117 TechSpot Chancellor Posts: 3,147   +915

    ha ha! lol! yeah, but when playing crysis on an athlon duel core the moment the anti-virus started it just made the game start to lag and crawl. so at the time it did make a big difference.

    Plus I can promise you your computer goes above 4% when being used or when the anti-virus is scanning your computer. unless you have a really bad hard drive.

    In all fairness though it is alot of the time users fault that the virus got in their computer. I know, its my job. Even if I just monitor someones TS session you can always watch at least one person a day just click on something they obviously are not sure about because they take a moment to think about clicking on it.

    Maybe curiosity killed the cat also killed the computer? =P
  25. For those who dont use an antivirus, how do you know its not infected... if you dont use an antivirus?? Does it look healthy?? Felling in shape?
    About the browser exploits, unless your a sysadmin or IT manager in a big financial company, who cares? Do you store your bank account passwords written in a text file somewhere in your desktop? Do you send your credit card number for everyone who asks for it? If you do, then you should take care, and stop using the Web!! Just walk to your bank like you used to. Its good for your health and maybe your finances.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...