After day 1 of Pwn2Own, web browsers appear to have taken a big hit, but Google’s Chrome appears to have come out unscathed.
It didn’t take long, with Safari 4 on Mac OS X Snow Leopard the first victim thanks to the work of Charlie Miller. Millers set up a remote exploit at a web site through which a conference organisers MacBook was taken control after surfing to it.
Internet Explorer 8 on Windows 7 was next, with a similar exploit allowing Peter Vreugdenhil to take control of an organisers laptop once they browsed to a website with the infected code.
Firefox 3 was also exploited on Windows 7 using a memory corruption vulnerability, with another exploit that allows a remote attacker access to a users PC.
Both Opera and Google Chrome were not hacked, with Charlie Miller stating “there are bugs in Chrome but they’re very hard to exploit. I have a Chrome vulnerability right now but I don’t know how to exploit it. It’s really hard. They’ve got that sandbox model that’s hard to get out of. With Chrome, it’s a combination of things — you can’t execute on the heap, the OS protections in Windows and the Sandbox.”
All systems were patched and updated to their latest versions, with the exploits used to remain a secret until browser makers can update their browsers.