Bloke makes killing hacking browsers

23 March 2015


Pwn2Own competition

A researcher made a fortune taking down the three major browsers, Internet Explorer, Firefox and Chrome, as well as Apple Safari, as part of Pwn2Own, the annual hacking contest.

Korean researcher Jung Hoon Lee, who worked alone under the name lokihardt, earned $110,000 in just two minutes.

Using more than 2000 lines of code, Lee was able to take down both stable and beta versions of Chrome by exploiting a buffer overflow race condition in the browser.

He then walloped an info leak and race condition in two Windows kernel drivers to secure SYSTEM access. The Chrome bug earned him $75,000 while the privilege escalation bug netted another $25,000. To finish it off, Google's Project Zero, as it usually does when Chrome is hacked at the event, paid Lee an extra $10,000.

Lee boosted his daily total to $225,000 using a use-after-free vulnerability to take down Safari. Lee exploited an uninitialized stack pointer in the browser, something that bypassed its sandbox and netted him an additional $50,000.

Lee, who also took down two other browsers yesterday, told HP Security Research's Dustin Childs that the Chrome exploit was the toughest to pull off.