Browser security took a drubbing during the first day of an annual hacker contest, with the latest versions of Microsoft's Internet Explorer, Google's Chrome, and Mozilla's Firefox all succumbing to exploits that allowed attackers to hijack the underlying computer.
The Pwn2Own contest, which is sponsored by HP's Tipping Point division, paid $100,000 for the successful exploitation of IE 10 running on a Surface Pro tablet powered by Windows 8. The attack was impressive because it was able to bypass a variety of anti-exploit technologies Microsoft has added to its flagship operating system and browser over the past decade. To succeed, researchers from France-based Vupen Security had to combine multiple attacks, a technique that is growing increasingly common.
"We've pwned MS Surface Pro with two IE10 zero-days to achieve a full Windows 8 compromise with sandbox bypass," the firm announced by Twitter on Wednesday.