CATEGORIES
home News

Chinese Hackers Shatter Chrome, Safari, Edge Browser Defenses During Tianfu Cup Contest

by Paul LillyTuesday, November 19, 2019, 11:30 AM EDT
Hacking
Several white hat hackers in China spent the weekend infiltrating some of the top web browsers and other applications, as part of the Tianfu Cup. Similar to Pwn2Own, hackers attempt to exploit various software in ways that have not been discovered before, with prizes and bragging rights on the line (as well as better security for us all).

The rules between Tianfu Cup and Pwn2Own are pretty much the same. During the two-day event, hackers racked up points by exposing zero-day vulnerabilities in Microsoft's Edge, Apple's Safari, and Google's Chrome browsers, as well as other applications. Here's how it broke down on the first day of the competition...
  • Microsoft Edge (old version, not Chromium): 3 successful exploits
  • Chrome: 2 successful exploits
  • Safari: 1 successful exploit
  • Office 365: 1 successful exploit
  • Adobe PDF Reader: 2 successful exploits
  • D-Link DIR-878 Router: 3 successful exploits
  • Ubuntu (qemu-kvm): 1 successful exploit
On the second day, hackers successfully exploited the D-Link DIR-878 router four more times, Adobe PDF Reader two more times, and a single instance of VMWare Workstation.

One of the teams, 360Vulcan, gave up attempts to thwart iOS during a highly anticipated session that was to turn until the end of the tournament. However, the team still won the competition, earning a hefty $382,500 payday. Hacking VMWare Workstation was the most lucrative, as it accounted for $200,000 of that total.

Chinese hackers have proven adept at these things, having done really well during past Pwn2Own events. However, in the 2018 the Chinese government banned security researchers from participating in hacking contests outside of China. That is how the TianfuCup came to exist.

There were only a few vendors at the event. A spokesperson told ZDNet that the people who run the event will report all successful exploits to applicable vendors, and if that is the case, it's likely each one will be patched shortly after (as typically happens with these things).
Tags:  Chrome, Safari, security, browsers, Hacking, EDGE, (NASDAQ:AAPL), (nasdaq:msft), (nasdaq:goog)
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment