I have bad and good news. Bad news first: Your browser has probably been hacked this week. The good news is that it was at Pwn2Own 2015.
The Pwn2Own It has already become a fixed event for developers, hackers and fans, who can see first-hand the evolution of security in the programs we use most on a daily basis.
The basis of the event is simple: whoever finds a vulnerability and can exploit it takes money. The funny thing is that although in previous years a browser or operating system usually obtained all the prominence, this year things have been more even.
This is how the bug search works in the Pwn2Own
The four main browsers on the market, Google Chrome, Mozilla Firefox, Apple Safari and Microsoft Internet Explorer, have suffered theirs this year and in all of them bugs have been found that allow arbitrary code to be run without user or system permission.
To achieve this, you normally have to bypass the security systems implemented in the browser to execute code; the participants had 30 minutes to demonstrate the bug that they had discovered on computers that they had never touched and with the latest version of the browser and the operating system installed.
In total, 4 bugs were demonstrated in this way in Internet Explorer running Windows 8.1, which was the winner of the event. But Firefox was very close with 3 bugs also in Windows 8.1, Safari in OS X Yosemite with 2 bugs, and finally Chrome in Windows 8.1 did not escape, with a bug; Although his discoverer took the most money, $ 110,000. In total, more than half a million dollars were paid to the participants.
The good thing about Pwn2Own is that the discovered bugs cannot be published. until the developers fix them, something that companies like Mozilla have already announced they will do immediately.