Given the myriad of security mechanisms and technologies tech companies have developed, it’s easy to fall into a sense of complacency and think that what you’re doing is safe from prying eyes.
Truth be told, if skilled attackers really want to see what you’re up to online, there’s not really much you can do to stop them.
Case in point: Last week at the annual Pwn2Own hacking competition, all 4 major browsers were exploited.Safari, Firefox, IE, Google Chrome — none of these browsers can provide safe refuge from hackers.
Incredibly, three of the web browsing hacks — IE 11, Chrome, and Safari — were carried out by one extremely skilled individual named Jung Hoon Lee.
Threatpost reports that Lee’s Chrome exploit was the most challenging to pull off.
The story of the day was Korean researcher Jung Hoon Lee, who worked alone under the name lokihardt and earned the single highest payout for an exploit in the competition’s history, a staggering $110,000 in just two minutes.
Using more ht2000 lines of code, Lee was able to take down both stable and beta versions of Chrome by exploiting a buffer overflow race condition in the browser. He then used an info leak and race condition in two Windows kernel drivers to secure SYSTEM access. The standalone Chrome bug fetched Lee $75,000 while the privilege escalation bug scored him another $25,000. To finish it off Google’s Project Zero, as it usually does when Chrome is hacked at the event, paid Lee an extra $10,000.
For more info on all of browser related hacking exploits at Pwn2Own, HP put together this video which is well worth watching.