Story 2015-03-23 5G4H Chrome, Firefox, Internet Explorer, Safari, Flash Player: all hacked

Chrome, Firefox, Internet Explorer, Safari, Flash Player: all hacked

by
in security on (#5G4H)
So much for browser security. Researchers who participated in the Pwn2Own hacking contest this week demonstrated remote code execution exploits against the top four browsers, and also hacked the widely used Adobe Reader and Flash Player plug-ins. The Pwn2Own contest takes place every year at the CanSecWest security conference in Vancouver, Canada, and is sponsored by Hewlett-Packard’s Zero Day Initiative program. The contest pits researchers against the latest 64-bit versions of the top four browsers in order to demonstrate Web-based attacks that can execute rogue code on underlying systems.

The final count for vulnerabilities exploited this year stands as follows: five flaws in the Windows OS, four in Internet Explorer 11, three each in Mozilla Firefox, Adobe Reader, and Flash Player, two in Apple Safari and one in Google Chrome. All bugs were reported to the affected vendors after the contest, as part of the competition’s rules.
Reply 5 comments

Meta (Score: 1)

by hyper@pipedot.org on 2015-03-23 21:34 (#5JQA)

It is good to see articles like this, discussing recent developments of the web browser. In other news, Internet Explorer being killed off is the happiest news I have heard this year.

Re: Meta (Score: 0)

by Anonymous Coward on 2015-03-23 23:33 (#5JY8)

Internet explorer isn't as bad as it used to be. Heck it even got a built in ad blocker (sadly not on mobile).

Re: Meta (Score: 1)

by hyper@pipedot.org on 2015-03-24 21:25 (#5NGA)

I agree. It is worse. Having had to wrangle with it for the last two months I am ready to quit rather than have to work with it. Absolute nightmare.

Re: Meta (Score: 1)

by zafiro17@pipedot.org on 2015-03-27 22:56 (#5XWR)

IE is mandatory at work, which means that (A) a lots of good sites/tools are totally unusable on the corporate machine (trello.com is one of them. Love Trello and need it at work), and (B) I am stuck with its absolutely awful UI choices. We're using 9 or 10 (can't be arsed to look it up) and it's clear that was a version that was desperately chasing the sleekness of Chrome, but with a development team of not-awfully talented individuals. It really is terrible to use. Simple things like showing bookmarks are not easy, and it has huge rendering errors. I'm glad they are giving up on it - it's the software equivalent of 'design by committee.'

Re: Meta (Score: 1)

by hyper@pipedot.org on 2015-03-28 09:17 (#5YGE)

Corporate like it as the feature controls are extensive and easy to enforce. IE11 is another level of terrible over IE10.