Microsoft edge reviews 20176/1/2023 The most impressive exploit by far, and also a first for Pwn2Own, was a virtual machine escape through an Edge flaw by a security team from “360 Security.” The team leveraged a heap overflow bug in Edge, a type confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape. Team Sniper (Tencent Security) also exploited Edge and the Windows kernel using similar techniques, which gained this team the same amount of money, as well. However, Team Lance (Tencent Security) successfully exploited Microsoft’s browser using a use-after-free (UAF) vulnerability in Chakra, and then another UAF bug in the Windows kernel to elevate system privileges. Two other teams withdrew their entries against Edge. (The teams at Pwn2Own are supposed to only use zero-day vulnerabilities that are unknown to the vendor. However, one was disqualified for using a vulnerability that was disclosed the previous day. ![]() ![]() On the second day, the Edge browser was attacked fast and furious by multiple teams.
0 Comments
Leave a Reply. |