$hell on Earth: From Browser Hacking to System Compromise
Pwn2Own is all about owning systems/devices—a test of technical skill to see who the best hacker is.
This year’s winning submissions showed who can get super-user (SYSTEM/root) privileges by compromising the security of browsers/browser plug-ins. Seven of eight entries targeted kernel weaknesses, regardless of OS; Apple and Microsoft were successfully owned. Among browser makers, Google fared best—being successfully exploited only once via an attack that abused a previously and independently reported vulnerability.
More than underscoring the state of browser security, however, the successful hacking attempts highlighted a serious security issue: how browsers and browser plug-ins can be used as effective attack vectors. As unknown vulnerabilities surface after every Pwn2Own contest, vendors can only up their game by having security in mind from the time they decide to create products. Vendors can use the contestants' proofs of concept to improve their products' security.
For a detailed look at the Pwn2Own 2016 revelations, read $hell on Earth: From Browser to System Compromise.