Tuesday, March 21, 2017

Microsoft Edge comes last in browser security battle

Edge came off as the least secure browser at the Pwn2Own hacking event, being compromised more times than any other – pretty embarrassing for Microsoft given that the software giant has spent a lot of time talking up Windows 10’s browser on the security front.

The hacking extravaganza held at the CanSecWest security conference, which aims to find critical bugs and flaws so they can be patched, saw Edge being successfully exploited no less than five times (making a far worse account of itself than last year, when it was only hit twice).

Successful hacks leveraged against Microsoft’s browser included efforts using vulnerabilities in the Chakra JavaScript engine, and a major exploit which utilized a heap overflow bug (in combination with other tricks) to pull off a ‘virtual machine escape’.

In other words, the ethical hackers in question managed to escape the confines of a virtual machine to attack the host system it was running on – something that has never before happened at Pwn2Own.

As Tom’s Hardware reports, a team called 360 Security pulled this one off, and netted a cool $105,000 (around £85,000, AU$135,000) for doing so.

Chrome’s security dome

Microsoft Edge ended up being the worst browser in terms of getting hacked, then, but which was the most secure? As with last year’s Pwn2Own, it was Google’s Chrome, which wasn’t hacked at all; an impressive result indeed.

Firefox was beaten once, and Safari was compromised 3.5 times – the ‘half’ being a partial success (it was judged thusly because the bug in question had already been fixed in a beta version of the browser).

Safari didn’t do so well, then, and as we saw at the end of last week, hackers also used Apple’s browser as a route to flash up a message on the new MacBook Pro’s Touch Bar.

Even so, it still did better than Edge.

As we already mentioned, Microsoft is hardly going to be happy about this, particularly given that in recent times it has been hyping Edge strongly on the security front.

We’d be very surprised if a concerted effort isn’t made to ensure that the browser improves its performance and doesn’t finish in last place at next year’s Pwn2Own.



from blogger-2 http://ift.tt/2nFWsqO
via IFTTT

No comments:

Post a Comment