As usual at Pwn2Own, the contest to see who can hack ‘secure’ programs and systems the fastest at the CanSecWest security conference, the big loser was Microsoft, which saw IE 8 on a fully-patched Windows 7 system get cracked in less than two minutes. That said, everyone’s Web browsers were being cracked open left and right at the show … except for Google Chrome.
While Firefox and Safari may be better than IE, these Web browsers didn’t last very long either. As for Google’s own Web browser, at this point, it’s seemed no one’s even tried to bust Chrome according to the group sponsoring the contest, the TippingPoint’s ZDI (Zero Day Initiative).
Why not? After all, everyone who hacks a browser gets a cool $10,000 for their efforts. The reason was predicted by Aaron Portnoy, TippingPoint’s Security Research Team Lead, to be that while Chrome is often affected by vulnerabilities due to its inclusion of the WebKit library, I predict the browser will remain untouched throughout Pwn2Own. This is due to the difficulty in producing an impactful exploit that can break out of the security sandbox.”