Chinese Hackers Break Into Chrome, Safari, Edge; Reveal Browsers' Vulnerabilities
Popular vendors received terrible news over the weekend as reports claimed that Chinese hackers were able to exploit vulnerabilities in major browsers, apps, and common utilities. At the recent Tianfu Cup held in Chengdu, China, the country's top white-hat hackers converged to test zero-days against top software available on the market today. During the first day of the event, Chinese security researchers were able to break into major browsers such as Safari, Microsoft Edge, and Google Chrome.
Since Mar. 2018, the Chinese government has officially discouraged security researchers from joining hacking competitions outside the country. The recent Tianfu Cup is the venue for hackers to showcase their skills and even earn six-figure bounties for successful exploits. Former Pwn2Own winner Team 360 Vulcan took home $382,500 for successfully hacking the old version of Office 365, Microsoft Edge, Adobe PDF Reader, VMware Workstation, and qemu+Ubuntu during the two-day event, reports ZDNet.
Of the winnings, $200,000 came from the VMware exploit and $80,000 from the qemu+Ubuntu exploit. The $102,500 was divided among the other apps. Previously, several software vendors started attending hacking competitions and even sending representatives to learn about vulnerabilities discovered during the event. This is very useful considering that some vendors immediately release patches and fixes within hours of discovery.
However, only a few vendors were present during the Tianfu Cup. Multiple high-profile, successful exploits were recorded during the event’s first two editions. Search engine giant Google has a representative at the event, with some members of the Google Chrome security team present on site. Organizers plan to submit a report of all bugs uncovered during the event to all vendors when the competition concludes, says ZDNet.
Events like this are easy to demonize, but some vendors fail to appreciate that these events help incentivize continuous research into various products so they can be developed more securely. A public hacking competition is far better than secret executions with malicious and catastrophic intent.
© Copyright IBTimes 2024. All rights reserved.